pageok
pageok
pageok
Magistrate Judge Finds Fifth Amendment Right Not to Enter Encryption Passphrase:
Imagine the government seizes a suspect's hard drive and finds encrypted files inside. Can the government force the suspect to enter in his encryption passphrase so the government can view the decrypted files? Or does the Fifth Amendment privilege give the suspect a legal right not to enter in the passphrase? On November 29, Magistrate Judge Jerome Niedermeier in Vermont handed down the first opinion to squarely address the issue: In re Boucher. Judge Niedermeier ruled that the defendant did have a Fifth Amendment privilege in such circumstances. This is a hard issue, but I tend to think Judge Niedermeier was wrong given the specific facts of this case.

  First, the facts. Boucher was crossing the border from Canada to Vermont when border agents began to suspect he had child pornography in the car. They saw a laptop in the back of the car and opened it up. It was not password-protected, an an agent began to look through it. (By way of background, the Fourth Amendment has an exception at the border that makes this search legal.) The agent came across several files with truly revolting titles that strongly suggested the files themselves were child pornography. The files had been opened a few days earlier, but the agent found that he could not open the file when he tried to do so. Agents asked Boucher if there was child pornography in the computer, and Boucher said he wasn't sure; he downloaded a lot of pornography on to his computer, he said, but he deleted child pornography when he came across it.

  In response to the agents' request, Boucher waived his Miranda rights and agreed to show the agents where the pornography on the computer was stored. The agents gave the computer to Boucher, who navigated through the machine to a part of the hard drive named "drive Z." The agents then asked Boucher to step aside and started to look through the computer themselves. They came across several videos and pictures of child pornography. Boucher was then arrested, and the agents powered down the laptop.

  Now here's where it gets interesting. Two weeks later a government forensic analyst started to analyze the machine. He created a "mirror" copy of the hard drive and then looked at the mirror to see what it contained. But it turned out that the part of the hard drive that was designated "drive Z" was encrypted with the popular software program PGP, and no one — no one, presumably, except for Boucher — knew the password. The government tried to guess the password and failed, so the grand jury issued a subpoena to Boucher ordering him to disclose the password to drive Z. Boucher's counsel them moved to block the subpoena, arguing that he had a Fifth Amendment privilege not to comply. The government responded that it would be happy to just have Boucher enter in the password without the government ever seeing it. The Court thus addressed only whether Boucher had a Fifth Amendment privilege not to enter in the password.

  Judge Niedermeier ruled that Boucher did have such a privilege and quashed the subpoena. According to Judge Niedermeier, entering in the password would be testimonial.

Related Posts (on one page):

  1. More on Encryption, the Fifth Amendment, and the "Foregone Conclusion" Exception:
  2. Magistrate Judge Finds Fifth Amendment Right Not to Enter Encryption Passphrase:
Crunchy Frog:
PGP is Pretty Good Privacy. It's not absolute, however, and given a powerful enough computer and a couple days number-crunching, it can be defeated.

On the 5A issue, I agree with the the court on this one. It's up to the government to develop its own evidence, not have it handed to it on a silver platter.

At any rate, the penalty for refusing the subpoena should be less than for possession of kiddie porn, so Boucher would be inclined to tell the investigators to screw themselves regardless.
12.14.2007 7:20pm
EH (mail):
Ob(li)vious nonlawyer here.

Boucher won't be "bringing" the files to the police in response to an order to incriminating files; he will merely be opening the door to the safe that we all know is his and that we seem to know he knows how to open.

I think this is why analogies to the physical world don't (or shouldn't) apply. If the action/information would result in additional counts of the same crime they already have evidence for, would that not trigger 5A? If it were a physical safe, would a contempt charge result even if the police owned a cutting torch?
12.14.2007 7:28pm
Another Commenter:
Why do you think this is different from the combination lock analogy? Presumably in that case the defendant also knows the combination.

I never understand these kinds of facts. When asked to enter the password the first time, why didn't he say "no"? Why on earth would he waive his miranda rights?
12.14.2007 7:29pm
whit:
"On the 5A issue, I agree with the the court on this one. It's up to the government to develop its own evidence, not have it handed to it on a silver platter."

i disagree and here's why. at least as i have been taught, this is a 5th amendment issue, and the right not to be a witness against oneself, incriminate oneself, etc. refers to testimonial evidence. you cannot force (even by subpoena, warrant, or whatever), somebody to TESTIFY against themself (confess, etc.)

you most certainly can force them to provide EVIDENCE against themself - such as (given appropriate orders, warrants, etc. ) - DNA, check their hands for offensive/defensive wounds, blood sample for alcohol analysis, etc.

this is just such a case.

part of the way the govt. develops "its own evidence" is by (assuming they have the necessary probable cause, order, etc.) searching for evidence, and compelling it be turned over.

he absolutely established that he had an expectation of privacy - especially since the files were encrypted. that means the govt. has to establish PC etc. to search the hard drive. which they had. the fact that he encrypted it does not mean they have no authority to do so, nor does it mean he has some kind of (invented) right not to turn over the password given proper PC and court order.

otoh, if he said he FORGOT the password, could they really prove beyond a reasonable doubt that he was lying about that?
12.14.2007 7:30pm
OrinKerr:
Crunchy Frog,

When you say you agree with the Court, I gather that means you disagree with me; I'm curious, where do you think I go astray?
12.14.2007 7:30pm
RigorAllTheTime (mail):
Gosh, I can't remember my password. I think it was "rolston"
Oops, I guess not. Maybe "roslton"
Oops, I guess not. Maybe "soltron"
Oops, I guess not. Maybe "noslot"
Oops, I guess not. Maybe "tlosron"
Oops, I guess not. Maybe "thiscangoonforever,chump"
12.14.2007 7:30pm
whit:
"why didn't he say "no"?"

a smart person would have said "i can't remember the password right now, i'm so stressed out".

" Why on earth would he waive his miranda rights?"

this has been explained about a million times. there are all sorts of reasons why people waive miranda, due to a # of issues. you have to look at it from a psychological angle. also note that waiving miranda is NOT necessarily against your best interests. i have seen many many cases where suspects waiving miranda helped them out significantly.
12.14.2007 7:32pm
Guest101:
I don't know a whole lot about the Fifth Amendment either, but your analysis sounds right to me. I would add, though, that where the fact of the defendant's ownership and control of the computer and knowledge of the password is a foregone conclusion, the question strikes me as more analogous to a Fourth Amendment issue than a Fifth Amendment one-- the government is essentially seeking to search the contents of Boucher's property for evidence of wrongdoing. It sounds like there is ample probable cause for conducting that search, and the fact that the "key" to the property is an alphanumeric string with no testimonial component rather than a traditional key or passcard seems irrelevant. If, at this stage of the proceeding, the government wanted to search Boucher's home (putting aside for the moment the complications involved in the fact that his home is apparently in Canada) for child pornography, could that search be prevented if Boucher's home had a high-tech security system that operated on the basis of a spoken passphrase or a numeric code rather than a traditional key? I very much doubt it, though that result would seem to follow from the magistrate's holding. It certainly could not be prevented on the ground that it might find additional evidence of criminal activity in the home-- that's the point of the search!-- but that seems to be the basis of the magistrate's ruling.
12.14.2007 7:36pm
whit:
orin, i have to say i agree with you - which is nice! :)

i'd analogize this to a DUI case. assuming the person is in custody (differentiating from the traffic stop which is an investigative detention up until the point it becomes a custodial arrest), and thus since they guy is now in custody, triggering miranda assuming interrogaton was to begin.

the 5th, and the flawed reasoning behind miranda included, does not mean one would have to mirandize the person before asking them to perform field sobriety tests. why? because nystagmus, walk and turn, one leg stand, etc. are not "interrogation", and they are not likely to elicit an incriminating response - testimony.

they are a search for direct evidence, not testimonial evidence.

cops can search the hard drive if they have PC and a warrant, or consent.

the fact that its encrypted is irrelevant to the above. it's still evidence, they have the authority to search.

people have rights, the state has authority(s) or in the case of eric cartman "authoritah".

he doesn't get some kind of magical pass because he chose to use encryption.

as long as the cops can establish that they have PC to search the hard drive, and they have the order, they have the authority. thus, he has no "right" not to tell them the password, any more than he has the "right" to stand behind the door of a house they have authority to search and not let him in, or he has the right to keep them from poking a needle in his arm to draw blood (assuming they have PC for that, etc.).

they certainly couldn't ask him "did you put these files on the hard drive" etc? without mirandizing him, nor could they compel him to answer. i also think that since they can COMPEL him to give the password, they should not be able to introduce as evidence - the fact that he knew the password, based on the fact he gave it to them. if they can otherwise establish it - through his testimony etc. (i know the password and im not telling), fine.
12.14.2007 7:41pm
whit:
guest101. perfect analysis (imo). it is a FOURTH amendment issue, NOT a fifth amendment. i think the court got caught up on the fact that a password is some string of letters, numbers. it's a THING, just like a lock or security system, or the files themselves
12.14.2007 7:43pm
Guest101:
I suppose, for whatever comfort it might give Boucher, that the Fifth Amendment would probably preclude introducing the content of the password at trial if he were forced to divulge it. So if the password to drive Z is "ilovelittleboys," the government can't introduce that against him at trial-- though it probably already tried that one.
12.14.2007 7:48pm
Mike Keenan:
"PGP is Pretty Good Privacy. It's not absolute, however, and given a powerful enough computer and a couple days number-crunching, it can be defeated."

There are no publically known such insecurities in the PGP product.

"The agents powered down the laptop" Oops...
12.14.2007 7:50pm
juris_imprudent (mail):
I'd be just a bit curious about how the agents established a reasonable suspicion he had child porn, prior to powering up the laptop (assuming all evidence of child porn was contained in files on the laptop).

I agree that once he disclosed the contents the first time, he abandoned the protection of the 5th (unless he was contesting he was under duress the first time around).
12.14.2007 7:55pm
alkali (mail):
First, the facts. Boucher was crossing the border from Canada to Vermont when border agents began to suspect he had
child pornography in the car.


How exactly did that work, one wonders? "Is it just me, or does the guy in the red Toyota in lane 5 look like he's got child porn on his mind?" "Gadzooks, you're right! Let's pull him over!"

I'm sure there's some kind of story there, but it's a bit mystifying as written.
12.14.2007 7:58pm
OrinKerr:
juris_imprudent,

Are you sure they need reasonable suspicion? The district court in Arnold said so, but that's just a district court in California and (based on the oral argument) is probably about to be overruled by the Ninth Circuit anyway.
12.14.2007 7:59pm
byomtov (mail):
In distinguishing testimonial from non-testimonial acts, the Supreme Court has compared revealing the combination to a wall safe to surrendering the key to a strongbox. See id. at 210, n. 9; see also United States v. Hubbell, 530 U.S. 27, 43 (2000). The combination conveys the contents of one's mind; the key does not and is therefore not testimonial. Doe II, 487 U.S. at 210, n. 9. A password, like a combination, is in the suspect's mind, and is therefore testimonial and beyond the reach of the grand jury subpoena.

Am I correct in reading this to mean that the 5th Amendment means I don't have to give the police the combination to my safe, but doesn't mean I can refuse to give them a physical key? To a naive non-lawyer like myself this defies logic, but if it's right then I don't see why a combination is more privileged than a password.
12.14.2007 8:00pm
osiris:
The fact that he already demonstrated that he knew the password and in fact opened it for the officers should preclude this. He's already opened the door and now cannot shut it. In this way I tend to think of it as destruction of evidence. He's shown it to the officers and now is saying that they cannot possibly get to it again.

However, if he hadn't shown the files to the officers already, then I'd agree with the judge and he should not be compelled to give up the password on 5th amendment grounds.

The UK has a law that compels disclosure upon demand. It's a law that I happen to disagree with.

Yes, I'm one of those non-lawyer types who just happens to read this blog daily.
12.14.2007 8:01pm
OrinKerr:
Alkali,

My sense is that these cases come up in various disturbing ways: very young children's clothes in the car but no children, a person who has been under suspicion before, etc. I suppose I could have called up the lawyers and tried to get the full story, but it's not actually relevant to the legal issues raised in the case and those facts aren't in the opinion.
12.14.2007 8:02pm
AnonLawStudent:
How would this be distinguishable from a case where:
(1) The government has one dead body and blood evidence that someone was in violent contact with a second missing person, i.e. an admission that "Sure, that bloody shirt is mine."
(2) Then obtains a subpoena requiring the (guilty of one, a definite suspect of a second) murderer to reveal the location of the second body.

I don't think you would argue that providing (2) is not communicative. But by Orin's argument, it's just the location of an object. If I'm not picking up on something, please explain.
12.14.2007 8:04pm
CrimeDog:
Did any one else notice that the opinion is dated in the year 2009? Could this be science fiction?
12.14.2007 8:06pm
Bama 1L:
I suppose I could have called up the lawyers and tried to get the full story, but it's not actually relevant to the legal issues raised in the case and those facts aren't in the opinion.

This is why law school is no fun.
12.14.2007 8:08pm
CEB:

Am I correct in reading this to mean that the 5th Amendment means I don't have to give the police the combination to my safe, but doesn't mean I can refuse to give them a physical key? To a naive non-lawyer like myself this defies logic, but if it's right then I don't see why a combination is more privileged than a password.


This is based on a statement in the dissent in Doe v. United States, 487 U.S. 201, where Stevens says:

He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe -- by word or deed.


The majority addresses this by saying that the situation was more analogous to a key than a combination. In this case though, it seems that the password is closer to a combination, so--at least based on that wisp of precedent--the judge here was right.
12.14.2007 8:09pm
David Schwartz (mail):
I agree with AnonLawStudent. I also don't see how to square the article's reasoning with the reasoning in Hubbell. I don't think the facts of Hubbell apply, since the government knows what it's looking for in this case, but the reasoning does.
12.14.2007 8:15pm
OrinKerr:
CEB,

But note that Boucher was not being compelled to reveal the password; he was only being compelled to use it. I think that responds directly to Stevens' argument.
12.14.2007 8:15pm
hattio1:
I have to disagree with everybody here. If there really is caselaw (or even dicta) out there saying that a key is not testimonial, but a combination to a safe is, it seems like the issue is closed (leaving out the foregone conclusion doctrine for a moment). You can argue that the Supreme Court caselaw should be overturned (or if its dicta, ignored), but that's saying the law should be different, not that it is. I think we want magistrates who decide cases on what the law is, not what they want it to be right?
As to the foregone conclusion doctrine, if it really has only been used in previous cases for the production of documents and other physical things, the same analysis applies.
Orin, I understand that you think the law should be different, but how do you distinguish this from the safe combination? It seems like, at least in the average case, we would know who the safe, and therefore the contents of the safe, belong to. I suppose if there is an apartment or business office rented in a false name or by a dummy corp, we might not know. But if its in someone's home, the safe belongs to the homeowner too.
12.14.2007 8:15pm
hattio1:
As to the question posed by someone else, what can they actually do, if he is ruled against, and still refuses to give up the password? I know they can throw people in jail for civil contempt, and generally hold folks there until it is cured, but I believe there is case law out there saying that the length of time they can hold them is limited. That would almost surely be less time than multiple child porn convictions.
12.14.2007 8:18pm
OrinKerr:
AnonLawStudent,

I don't understand your hypo. Can you clarify who says what, who is the suspect,and whose shirt is it?

David Schwartz,
Can you quote the passage of Hubbell that you think is dispositive here?
12.14.2007 8:18pm
OrinKerr:
Hattio1,

I am puzzled by your comment on several grounds. First, I didn't say I think the Supreme Court law should be different. I don't know why you seem to believe otherwise.

Second, the caselaw suggests that handing over a key is okay but disclosing a combination would not be. Why do you think that entering in a passphrase but not disclosing it is like disclosing a combination but not like handing over a key?
12.14.2007 8:23pm
hattio1:
Orin,
How does it help that he's only being asked to use it? First off, "just" opening the drive gives up all testimonial aspects of using the password; ie., z drive is mine, or at least I have access and control over it. Secondly, officers could easily turn their backs while someone enters a combination to a wall safe for example.

That being said, a previous poster mentioned that this was dicta in a dissent, therefore it has little to no precedential value.
12.14.2007 8:25pm
Philistine (mail):
Isn't Hubbell also pretty clearly on point--what's being asked is for him to give information (or do an act) that implicitly shows his control, knowledge and access over the files? And thus it would be testimonial?

Now, whether that is trumped by his previous waiver where he (at least arguably) showed such control, knowledge and access I'm not sure--but I think the magistrate would be on pretty firm grounds without such waiver.
12.14.2007 8:25pm
hattio1:
Orin,
I think I answered your second question in my subsequent post. As to your first question, I was assuming that the quoted portion was from the majority, as it doesn't indicate otherwise, and actually, as it's a series of ID's, you can't tell the case.
12.14.2007 8:28pm
Dave Hardy (mail) (www):
But if it defies logic, that arises from the testimonial vs. nontestimonial distinction. If pulled over for DUI, I can refuse to say how much I had to drink (to testify against myself) but cannot refuse to blow into the breathalyzer, altho that will demonstrate exactly how much I had to drink.

The distinction arised from the fact that the Federal right against self-incrim uses the term to "testify" against himself. In the 18th century, there were no forensic tests.

In a DUI case here I argued that the state bill of rights, which says no one may be compelled to "give evidence" against themselves was broader and should cover a breathalyzer. It got shot down, of course.
12.14.2007 8:28pm
Philistine (mail):
I see others have also argued Hubbell. FWIW, I think the money quote from Hubbell is:


We have held that "the act of production" itself may implicitly communicate "statements of fact." By "producing documents in compliance with a subpoena, the witness would admit that the papers existed, were in his possession or control, and were authentic."19 Moreover, as was true in this case, when the custodian of documents responds to a subpoena, he may be compelled to take the witness stand and answer questions designed to determine whether he has produced everything demanded by the subpoena.20 The answers to those questions, as well as the act of production itself, may certainly communicate information about the existence, custody, and authenticity of the documents. Whether the constitutional privilege protects the answers to such questions, or protects the act of production itself, is a question that is distinct from the question whether the unprotected contents of the documents themselves are incriminating.

* * *

Compelled testimony that communicates information that may "lead to incriminating evidence" is privileged even if the information itself is not inculpatory. Doe v. United States, 487 U. S. 201, 208, n. 6 (1988). It is the Fifth Amendment's protection against the prosecutor's use of incriminating information derived directly or indirectly from the compelled testimony of the respondent that is of primary relevance in this case.
12.14.2007 8:30pm
juris_imprudent (mail):
Are you sure they need reasonable suspicion?

I didn't mean that in the sense of a heightened standard. It just seems a bit odd, as alkali notes, that they didn't see any evidence until they powered up the laptop. The search itself was not random - the agents claim to have had SOME suspicion, but it isn't obvious from what is written what that suspicion was based on.
12.14.2007 8:31pm
George W. Obama (mail):
But, Orin, the magistrate has it right.


The first United States Supreme Court case applying the Self-Incrimination Clause to the compelled production of documents was Boyd v. United States, 116 U.S. 616 (1886), in which the Court held that the Fifth Amendment protected a party from compelled production of private books and papers. In Boyd, the Government brought a civil forfeiture proceeding against two business partners for fraudulently attempting to import goods without paying the duty. By court order, the partners were required to produce a shipping invoice. At trial, they produced the invoice but later appealed its compelled production on both Fourth and Fifth Amendment grounds. The Court agreed with the partners, held that the invoice was inadmissible and stated that "a compulsory production of the private books and papers of the owner of goods sought to be forfeited . . . is compelling him to be a witness against himself, within the meaning of the Fifth Amendment of the Constitution." Id. at 634-635.


Don't argue in bad faith, Orin. You know Fisher was wrongly decided.
12.14.2007 8:44pm
hattio1:
Orin and others,
The disagreement with the judge seems to be completely closed down by a quote further in the "Doe II" case cited in the opinion. The majority talks about how this is more like a key than a combination. Shortly after that they talk about why it is not a combination (ie., why it doesn't prove control of the bank accounts at issue in Doe II).

The consent directive itself is not “testimonial.” It is carefully drafted not to make reference to a specific account, but only to speak in the hypothetical. Thus, the form does not acknowledge that an account in a foreign financial institution is in existence or that it is controlled by petitioner. Nor does the form indicate whether documents or any other information relating to petitioner are present at the foreign bank, assuming that such an account does exist.

Given that quote, how does the password not testify that a SPECIFIC drive and the contents of that drive are controlled by Defendent?
12.14.2007 8:45pm
hattio1:
BTW, that is Doe v. US 487 US 201, 215 (1988)
12.14.2007 8:46pm
Westie:
Orin,
Would you hold the same opinion if the suspect confessed before being Mirandized but then wouldn't confess after being Mirandized? Presumably, the suspect *should* under your logic, have to confess again, because the police would just be getting back to where they already were. And the contents of the mind were just being produced again for the convenience of the authorities.
I can see your point, but I have to say I side more with the judge, here. I'm not sure yet if that's just because I don't feel like the courts should bend over backwards to rescue official stupidity (they powered down the laptop!?) or because I think the legal analysis is better than yours.
I think your argument is a loser because of the combination/key case, and I'm not convinced that "the police know he knows the password" is enough to get you out of that rule.
12.14.2007 8:54pm
Public_Defender (mail):
Why do you think that entering in a passphrase but not disclosing it is like disclosing a combination but not like handing over a key?

Because demanding a password is more like demanding a combination (information in the brain) than handing over a physical object. There is no substantive difference between saying a password and entering it onto a keypad.

Professor Kerr, do you know of any cases in which a defendant has been compelled to produce information from his brain over a Fifth Amendment challenge?

Boucher's entering in the password won't amount to Boucher's testimony about anything they don't already know in the context of this case.


This is utterly irrelevant. A defendant can tell a cop, "I killed my wife" one minute, and take the Fifth the next minute when the cop asks him to repeat it. It's not like the Fourth Amendment where once the idiot hands his pot to the cops, it belongs to the cops forever.

This case also shows how utterly stupid so many of our clients are. This dude goes through all the trouble of encrypting his hard drive, but then voluntarily shows the contents to the cops. Moron.

Further, why is the Government going through all this trouble? As you said, they can already put the agents on the stand, have them describe the images they saw, and send the guy to prison. Child pornography charges bring huge sentences for only a few images. Plus, creative prosecutors could find other charges to stack on this guy.
12.14.2007 8:55pm
Lior:
(as a non-laywer) I think the place where the Court and Prof. Kerr go astray is by claiming that revealing the password is an act of testimony. What would be the testimony is revealing the contents of the files. Certainly the police can demand production of the cyphertext -- it's just binary data on the hard-drive and no different than other documents -- but compelling production of the plaintext (by revealing the password or otherwise) is different. For example, say a criminal enterprise keeps its ledgers in code. Can the participants be compelled to reveal the key to the code? Say the police have a wiretap recording of mafiosi discussing cabbages, onions and zucchinis, where the government is sure they are discussing drugs of various types. Can the suspects be compelled to testify as to what the true meaning of the conversation was? If not, what's the difference from the present case?
12.14.2007 9:01pm
Crackmonkeyjr (www):
I tend to think that the 5th Amendment is interpreted incorrectly. The problem with self incrimination is that, if you pull out enough of someone's fingernails, they will confess to anything. To avoid the problem of inaccurate, forced confessions, we basically just say that you can't force someone to testify against themself, and you have to give them access to an attorney who can kind of make sure that you aren't pulling out any of their fingernails.

To this end, I think there should be an exception to the 5th Amendment similar to the hearsay exception, you can't use testimony for its truth value, but you can use it for other purposes. For example, if someone tells you where the murder weapon is (under torture or otherwise) you can still go get the weapon and use it as evidence against them. If they were tortured to get the gun, the people torturing him should be charged with a separate crime.

The reason for this is that the constitution should protect the innocent and not the guilty. Allowing tortured confessions runs the risk of leading to the conviction of innocent people. Using the testimony to get other evidence will not cause any trouble for innocent people, because an innocent person wouldn't know where the evidence was.

To apply this idea to the instant case, I don't think that it should be allowed to ask this guy whether he downloaded the porn, or if he knew that it was there, but you should be allowed to force him to hand over the password. The only possible problem I could see here is that admitting to knowing the password is likely testimonial, insofar as it may go to show that he had possession of the porn. Theoretically, the police could get the password through other methods and tell him what it was and force him to admit that he knows it. There is an easy solution to this though, admit the porn found on his computer and bar his "testimony" that he knew the password.
12.14.2007 9:04pm
Public_Defender (mail):

Gosh, I can't remember my password. I think it was "rolston"
Oops, I guess not. Maybe "roslton"
Oops, I guess not. Maybe "soltron"
Oops, I guess not. Maybe "noslot"
Oops, I guess not. Maybe "tlosron"
Oops, I guess not. Maybe "thiscangoonforever,chump"



* * *


As to the question posed by someone else, what can they actually do, if he is ruled against, and still refuses to give up the password? I know they can throw people in jail for civil contempt, and generally hold folks there until it is cured, but I believe there is case law out there saying that the length of time they can hold them is limited. That would almost surely be less time than multiple child porn convictions.


These bring up an interesting ethical question. If I lose a challenge like this and if all appeals are exhausted, can I advise my client to disobey a federal court order if I'm convinced that he's better off accepting a civil contempt penalty than the criminal penalty he would face if the government got the information he had? I imagine not.

But I could see giving advice like, "Here are your choices. 1) provide the information and go to prison forever for child pornography. 2) Face a civil contempt prison term for a maximum of ___ years. As an officer of the court, I cannot consider your best interests, and I must advise you to turn over the information even though if you don't, it will save you decades in prison."
12.14.2007 9:04pm
Brett Bellmore:
I'm just surprised somebody hasn't got a product out there, "even better privacy", that produces one set of contents from an encrypted file if you enter one password, and another, innocent, set of contents if you enter a different password. While turning the first set into random bits... The algorithm wouldn't be all that difficult to devise.
12.14.2007 9:17pm
Hayek:
Orin: Are you saying you think this issue was rightly decided if the defendant had not demonstrated posessesion of the password during the original search?

The more interesting question, which I'd like to hear people's speculation about, is whether the government really can't break PGP (and if it could, it would not need the password at all), or whether its just not willing to admit that it break PGP in the context of prosecuting a child pornography posession case.
12.14.2007 9:28pm
Cornellian (mail):
I'm just surprised somebody hasn't got a product out there, "even better privacy", that produces one set of contents from an encrypted file if you enter one password, and another, innocent, set of contents if you enter a different password. While turning the first set into random bits... The algorithm wouldn't be all that difficult to devise.

Google "steganography." You'll be amazed as what people in the encryption field have devised.
12.14.2007 9:36pm
Crackmonkeyjr (www):
My understanding is that PGP is pretty much unbreakable without the password. To break PGP, you basically need to be able to find all of the factors of an extraordinarily large integer. If I understand it correctly, you could theoretically brute force it, but even with a massive distributed network (think seti@home) everyone would be dead before it was broken. There is no proof that there is no better way to find factors, but its generally accepted that no one has figured it out yet.
12.14.2007 9:41pm
randal (mail):
Orin -

I'm interested in your response to AnonLawStudent's hypo, where there's good reason to belive that a body hidden somewhere, and the suspect is subpoenaed to tell officers where it is... and when that doesn't work, subpoenaed to take blindfolded officers to the body.

I can't quite tell from your post - are you arguing that the judge was wrong only because we already know that he knows the password? In other words, would the decision have been valid if either a) he had never previously demonstrated his knowledge of it, or b) the government was still demanding the password itself?
12.14.2007 9:45pm
Cornellian (mail):
Crackmonkeyjr is correct. They're not going to be breaking his password with brute force computing power. So unless he's left something else around that reveals his password they won't be getting access to the encrypted files if he doesn't tell it to them.
12.14.2007 9:45pm
AnonLawStudent:
Orin,

My hypo is this:
(1) Police ask a guy [Boucher] crossing the border to open his trunk. They find that he has a dead body #1 [kiddie porn Set 1] in the trunk. While examining the car, they also find a shirt that is covered in blood. When asked, the guy says "Sure, that shirt is mine." When the shirt is analyzed, the police determine that it has blood from missing person #2 [kiddie porn Set 2] in sufficient quantity to indicate missing person #2 is dead.
(2) The police obtain a grand jury subpoena requiring the guy to disclose the location of dead body #2.
12.14.2007 9:47pm
AnonLawStudent:
Or alternatively, the guy just speeds away, and hides dead body #1 before being caught. The police can testify that they saw it, but the body itself is now hidden. The grand jury issues a subpoena for the location of the dead body.
12.14.2007 9:48pm
randal (mail):
One other question -

What distinguishes disclosing the password verbally versus disclosing it by typing it in? Is it possible to prevent the government from gathering evidence as he performed his compelled action, such as by watching him type it in, by logging the keystrokes, or by fingerprinting the keyboard afterward?
12.14.2007 9:54pm
randal (mail):
Also, an interesting (but irrelevant) technical tidbit:

Given the way PGP works, the correct analogy isn't really to having files in a combination-locked wall safe. It's having files in a keyed strongbox, where the only key is in a combination-locked wall safe. (And where both the strongbox and wall safe are stronger than physically possible.)
12.14.2007 10:06pm
Cornellian (mail):
If he can be compelled to disclose the password by typing it into his computer, why can't he also be compelled to disclose the combination to his safe by being required to type the combination into a computer for people to read?
12.14.2007 10:07pm
John (mail):
I think the Fifth Amendment basically allows you to shut up and go limp until you are convicted or acquitted.

The government can take stuff from you (keys, blood, even stomach contents) but they can't make you say anything or do anything. Is there any case law out there that requires a person to talk or act?
12.14.2007 10:09pm
Wondering Willy:
John, your two sentence analysis with words like "stuff" and "shut up" is more valuable than most of the lawyerly garbage in all the previous quotes.

And I wholeheartedly agree with you.
12.14.2007 10:17pm
Shivering Timbers (mail) (www):
Brett:

I believe such a product (one one very similar) does in fact exist. I don't remember the name, but I think what it does is encrypt your Windows disk with multiple different passwords, where password A is necessary to get basic access, and password B is necessary to view the super-protected files (or even know they exist).

It also does some magic with the filesystem to completely hide the existence of the super-protected files from such high-level analysis as checking the physical capacity of the disk against the free space and total file sizes.

I just wish I could remember the name.
12.14.2007 10:28pm
DrGrishka (mail):
I don't quite understand how can the gov't force the defenant to enter the password. What if the defendant tells the government to go suck a lemon? What is the gov't going to do, stick needles under his fingernails? Or will the gov't then get a presumption that the files are indeed incriminating? Or will the defendant be jailed until he gives up?
12.14.2007 10:30pm
Random Reader:
"A better product out there" —it's called TrueCrypt, check google.

This actually raises interesting questions from my perspective—what about cryptographic dongles that supply passwords? They function identically to a good cryptographic key, and look like a physical key, but exchange digital information that's much too complicated for a person to reason through rapidly.

Really good systems rely on the presence of both a dongle and a key—could the defendant be ordered to turn over one and not the other?

What about destruction of evidence issues? I own media that is tamperproof (cannot be cracked open and physically hacked/copied/archived), and will self destruct if the wrong password is entered too many times. Is the defendant under obligation to tell law enforcement that if they attempt to crack it they will be destroying evidence? Is the defendant culpable through their inaction even with their fifth amendment right not to speak?

It's already established that 'mere access mechanisms' like a perjury-trap don't hold up—so you couldn't use a passphrase like "Under penalty of perjury, I hereby testify that I assert my identity is John Doe and I unlock this under free will and not by court order"

The judge really does appear right on. If a party can be ordered to provide a key, the prosecution should at the very least have the burden of proving that they do have it. Not only is this clearly impossible with respect to proving intent and knowledge, but it takes away the presumption of innocence—Who has never forgotten passwords before? Worse yet, with the aforementioned systems (truecrypt), I could provide any number of passphrases, providing any number of different "realities". One of my hard drives at this moment has a 10G sector of pure random numbers (indistinguishable from encrypted data), that is waiting to have an encrypted sector assigned to it. If I was arrested at this moment, a court order to 'reveal a key' would be impossible at worst, and at best result in me fabricating a lie. A court would of course order production of 'all necessary keys'—but at what point do they stop and believe me when I indicate that this last random block is truly just garbage? Believe me when I state that mathematically speaking, for anyone but your worldclass intelligence institutions—there is no way to tell the difference

Am I to be held accountable for every single website I ever registered for, until the end of eternity?

Public Defender—I like your point. I have heard that in some nations, they do not impose additional penalties on individuals who attempt to escape from prison (assisting is another matter), because they recognize the natural state of any individual is to seek their own freedom. I'd like to take your comment one step further—a defender is the last barrier between their client and the awesome power of "The State" If at any time they ever ceased to act with their client's best interests in any capacity—could any client ever trust them (all defenders) again? As the last obstacle between a loss of freedom, and (in some nations) death—I submit that any action whatsoever to the detriment of the client for the benefit of the state or its laws is likely to unravel the delicate social fabric of respect and respect for authority that holds the legal systems together. If people cannot trust their solicitor, then even the innocent accused suffer widely. Just a few thoughts...
12.14.2007 10:32pm
jim:
So hypothetical time:

Let's say I have a computer with (1) some files on it that are not password-protected, (2) some files that are password protected to which I possess the password, and (3) some files that are password-protected to which I do NOT possess the password. (So far is still actually true).

Now let's say that I do not know the contents of some of the files in category 3. (This is (probably) not true of me, but it is plausible for some people.) Were some of the files in category 2 or 3 to be illegal and were my culpability for possessing those files to be at all dependent upon my knowledge of their contents, I would be incriminating myself by revealing which category (2 or 3) a given file belonged to.

By providing a password for a file, even if I don't disclose the password, I still reveal which category the file is in. I have testified to the ability to open the file, something that is in doubt before I testify to it. That appears to incriminate me.

Now perhaps I misunderstand the uses of PGP. Perhaps it is unlikely that one might use it in a manner similar to the way password protected .zips (inside torrents) are used. But unless someone can substantially differentiate this case from my hypothetical, I am inclined to think this judge is fairly astute.
12.14.2007 10:40pm
Avatar (mail):
Random, I have to object to your conclusion about public defenders. Certainly, it's in the system's interest if they honestly represent their clients to the best of their abilities. But at the same time, the presence of certain restrictions is plausible - the defendant is there to represent the client in a trial before a court of law, not to aid him against all comers. If my client's guilty of a capital crime of which there is not the slightest doubt, with many aggravating factors and no mitigating ones whatsoever, theoretically it's in his best interest to strangle the bailiff, jack a car, and head for another country - worst case scenario is just as bad as staying in court, right? But obviously if your client tells you that he's planning to do just that, you're not allowed to assist him, even by remaining silent while he does it.

All that said, this is a big, big "uh oh" for computer law enforcement. If you can't be compelled to reveal encrypted data on a machine in your possession, by a constitutional right, then you can expect a huge explosion of encryption to follow. Hell, I would - why risk that some cop might want to check to make sure my work didn't contain any child porn? (Especially as I subtitle anime for a living - the distinctions can be fine enough that I might not want an angry cop making the call!)

On the other hand, if you really do have something vile on your drive, and not just scans of a porno book that sells on the newsstand in Japan, why in God's good name would you decrypt it in front of a cop? "Dunno, that's been there since I got the computer, think it's a system restore something or other." You could even rig the computer to look like it had been hacked and the (encrypted) data put there without your knowledge... But even telling the judge to sit and spin on your data encryption password isn't as bad as a conviction for full-on child pornography, no? In this case, Boucher can't even claim "look, I gave you the right password, it's not my fault if it won't open", since he opened it himself!
12.14.2007 10:58pm
Random Reader:
Avatar-- I believe you made my argument for me better than I could have possibly phrased it, despite the absurd hypothetical situation. A system that presents people with two bad choices should not be surprised when people pick the most favorable (bad) one.

If the rational conclusion when thrown into such a situation is to engage in such activities, then why be surprised when it happens? Given the choice of going to jail for a year and longer incarceration followed up by a lifetime registry as a sex offender, being tagged, and risking being murdered by your neighbors, in addition to being a convicted felon who no longer has many basic rights--the choice to a rational individual is quite obvious. The order to reveal information puts an individual in the situation of imminent danger to their liberties, or to disobey the court and accept a (lesser) threat.

Similarly--with public defenders, if they fail to provide meaningful advice to their clients, and instead act in the interests of the state, why would anyone trust them with their well-being? Yes, I don't expect my solicitor to smuggle a pistol into the jail for me--but anything less than completely candid advice on my best interests, and they can no longer be expected to provide the counterbalance they were intended to. Worse yet--they risk being viewed as an agent of the state itself, and not trusted by the innocent who need them to preserve their liberties. How can I even trust them to tell me I should refuse something pending an appeal when that might be a mere ploy?
12.14.2007 11:34pm
Lakhim (mail):
Avatar:

I think it is a big "uhoh" for the police no matter what. That's why they keep trying to find weaknesses in encryption methods. I personally favor the idea that the police can get a warrant for the encrypted (cypher) text, but they can not force someone to give up plain-text. Encryption in and of itself is not illegal, and without cause I don't think they even have a reason to search inside of it. But because the material is (possibly) incriminating, to the extent that if it is revealed in plain-text he's going to jail for a long time, the fifth logically applies. Now, if the cops can break the encryption, bully for them, but they can't compel it.
12.14.2007 11:36pm
jim:
A second hypothetical to chew on:

A poster on a blog site posts something illegal to the comments section of the volokh conspiracy. Maybe it's one of those DRM keys, maybe it's a bomb threat. I dunno. But the government wants to find who did it.

All they manage to obtain is an account name and an IP address to a public terminal. They also discover that I posted to the volokh conspiracy very close in time to the offending post and that I did it from the same public terminal. Using some bit of publicly available information, they track me down and I confirm that I authored the post written under my log in name.

Can the police now order me to turn over the password to the other account that posted from the same public terminal at roughly the same time?

Either it wasn't me, and I don't know the password. Or I do know the password, and by entering it, I provide pretty strong evidence that I made the offending post.

This hypothetical seems similar to the case in that there is no proof that I know the password, and turning it over will involve showing that I know the password, a piece of information that incriminates me.
12.14.2007 11:37pm
dew:
I'm just surprised somebody hasn't got a product out there, "even better privacy", that produces one set of contents from an encrypted file if you enter one password, and another, innocent, set of contents if you enter a different password. While turning the first set into random bits... The algorithm wouldn't be all that difficult to devise. …(steganography)

The problem with your approach is that it can be reasonably guessed that you are hiding something else based on the size of the size of the encrypted file vs. the unencrypted file unless you have additional cleverness. For example, in e-mail there are some encryption tools where you use some normally unused bits in certain graphics formats to hide an encrypted text message. As was mentioned, this guy would have been better off with TrueCrypt – he could have had one encrypted partition with some legal stuff in it, and competently hidden another partition within the first partition. The inner partition would look like random junk on the disk to other people searching the disk (much like real unused space).
12.14.2007 11:47pm
Christopher Cooke (mail):
Orin

I disagree with your analysis. You are confusing "foregone conclusion" with waiver. The cases that say that there is no additional "testimonial" information to be gleaned from enforcing compliance with a subpoena (the "foregone conclusion" cases) usually have to do with subpoenaing bank records from a defendant when you already know the bank account information (e.g., location and number/identifying information on the account). I have never seen it applied to something that would be the equivalent of granting the government access possibly to additional evidence of separate criminal acts. In this case, to apply it to a bank account hypo, if the government knew of account A at Wells Fargo, in the name of the defendant, a subpoena to defendant for his records of account A would not add to anything to what the government already knows, so there is no "testimonial act" being compelled, of any practical significance, by such a subpoena. But, if the subpoena asked for all records regarding any bank accounts that you control at Wells Fargo, and the defendant possibly had accounts that the government did not know about at Wells Fargo (beyond Account A), that would be a testimonial act of great significance (authenticating the records of the other accounts would incriminate the defendant). The second situation is what we have here: the government knew about some child pornography on the computer controlled by defendant. having the defendant type in the password would force him to admit to the government his control over, and access to, possibly other instances of child pornography, and absolutely would incriminate him.

Just imagine, the AUSA would argue at trial that the defendant's knowledge of the password was very damning, and proved that he (1) controlled and limited access to this stuff, and therefore must have put it on his computer (and not someone else) and (2) knew it was wrong which is why he encrypted it.
12.14.2007 11:49pm
R. G. Newbury (mail):
Orin, Whit, I agree with Chris Cooke. You are wrong. You are ignoring the difference between objects and knowledge. The gov can search the laptop as it has probable cause. The gov can *ask* a defendant for the key to a safe, but it can go ahead and break into the safe if necessary, under a search warrant, without requiring (needing) any input from the defendant. But in this case, the prosecutor wants to do *exactly* what the Fifth Amendment proscribes: make the defendant say something which will tend to incriminate him. The judge is exactly correct on this point.
This does not stop the prosecutor from running exhaustive password cracking tests against the 'drive Z' and this does not require a further subpoena nor impinge on the defendant.

The exact point here is that the defendant *MUST SPEAK* to comply with the prosecutor's demand.

John (at 10:09 pm) had it right in non-legal language.

Orin. the joke goes 'you must be an intellectual to believe something like that'. I am surprised that you did not see the distinction. (P.J. O'Rourke, I think..),,

Geoff
12.15.2007 12:14am
Ken Arromdee:
The reason for this is that the constitution should protect the innocent and not the guilty. ... Using the testimony to get other evidence will not cause any trouble for innocent people, because an innocent person wouldn't know where the evidence was.

This isn't true. Because it's not so easy to distinguish between an innocent person, and a guilty person who lies and claims not to know. But guilty people get punished for not turning over the evidence. Which means that innocent people will also get punished for turning over the evidence they don't have.
12.15.2007 12:31am
Christopher Cooke (mail):
There was an interesting law enforcement case involving a Mob-guy's son, who went to business school. He had a laptop with incriminating QuickBooks files on it tracking the receipts of criminal activity, that he encrypted using PGP. The government went in to his house with an initial "no-knock" no announcement search warrant (I forget what it is called, but they didn't tell him they went to his house) and obtained a copy of his hard drive. But, lo and behold, the discover the harddrive is encrypted and can't crack it. So, they get another warrant that allows them to go into his house again, implant a program that is designed to detect passwords, and then go in again and see what they find. That is how they unencrypted the harddrive (through the password they found through their program implanted on the computer, in secret).
12.15.2007 12:33am
dew:
The more interesting question, which I'd like to hear people's speculation about, is whether the government really can't break PGP (and if it could, it would not need the password at all), or whether its just not willing to admit that it break PGP in the context of prosecuting a child pornography posession case.

As has been pointed out, breaking PGP or similar encryption requires factoring very big numbers. It can be done, which is why as computers have gotten faster, more “bits” are used to encrypt – bigger keys makes breaking the cypher through brute force much harder (that is a bit simplified but generally true). You can find lots of estimates on what it might take to break a single encrypted file – breaking the strongest encryption is unlikely using publicly available methods and modern computers.

It is also unlikely that the government can easily “break” state-of-the-art encryption, as in the movie Sneakers (which is a pretty decent movie BTW). If the NSA has any tricks to decrypt PGP (and it would be the NSA), it is probably just a weakness in the encryption that NSA can exploit to turn the extremely hard problem into a less hard problem - and then NSA would still need to use its huge CPU resources to finish the job. Might NSA have found a shortcut? Maybe. When the original public encryption standard (DES) became available from ANSI in the 70s, it took the academic community 2 decades to fully understand two modifications the NSA was known to have made to the public standard. Academic and commercial en/decryption have probably caught up quite a bit, but the NSA could still easily be years ahead of everyone else. And no, the NSA would not reveal any weaknesses in PGP's encryption for a kiddy porn case, any more than a broken enemy code would have been revealed for a single criminal trial during WWII.
12.15.2007 12:33am
Adam B. (www):
Wow. It only took eleven years for my law school comment to turn into a case.
12.15.2007 12:33am
randal (mail):
Boucher won't be "bringing" the files to the police in response to an order to incriminating files; he will merely be opening the door to the safe that we all know is his and that we seem to know he knows how to open.

Orin, this analogy seems to be the key to your thinking, and I believe it is wrong. Or at least, I hope it is wrong. I'm trying to think of what "bringing the files to the police" would entail in this context. The closest I can think if is if the court were to compel him not to disclose, or even type in, the password, but to unencrypt drive Z. If it would be improper to compel him to unencrypt the drive, then I don't see how it could be proper to compel him to type in the password, which effectively unencrypts it. What is the distinction?

Maybe it analogizes to physical documents written in code. We know he knows the code because he has decyphered some of the documents in the past. Can he be compelled to decypher the remaining documents?

Perhaps I am misunderstanding the facts. You say he waived his Miranda rights. That makes me think that the police testimony is admissible. What more do they need from the password? Are they concerned that he's going to claim at trial that the police are lying / halucinating? Or are they digging for additional contraband? If the latter, that seems problematic.

Is there caselaw around what happens when a suspect reveals a portion of an indivisible set of documents; that portion turns out to be incriminating; and the entire set ends up out of reach of the prosecution, where only testimony from the defendent could retrieve it? For example, the police end up in posession of a copy of a single page of a document; they lose the page (and don't even remember which one it was); and they attempt to subpoena the entire document from the defendent?
12.15.2007 12:40am
SecurityGeek:
Finally, a thread on VC I am qualified to comment on:

1) PGP Disk Encryption, a part of the commercial PGP Desktop product, is completely different than the PGP email standard and attacking each would use different techniques.

2) AFAIK, there are no quicker attacks against PGP Disk Encryption than trying many many possible passphrases. The key derivation function for PGP desktop is pretty computation intensive (PKCS #5) so a brute-force attack is impractical for any passwords but the most basic.

3) Because #2 is true for most disk encryption products, I once read that the Secret Service has a software suite that looks for unique words and phrases on a person's hard drive and then tries passphrases related to them. So if your passphrase is your SSN, birthdate, and dog's name, they might guess it in a reasonable amount of time.

4) It is true that Truecrypt, a free encryption product, allows you to create an encrypted partition where if you enter one password it only reveals some of the disk, and if you enter another it reveals the entire disk. This is pretty cool, especially because you cannot mathematically (and I guess legally?) prove that the secret partition exists, if you set things up right.

5) This issue is going to be much bigger in the coming years, because the Bitlocker encryption technology built into the expensive versions of Windows Vista is not only excellent, but uses a computer's hardware security chip to "trapdoor" the disk and force the use of a "recovery code" to decrypt the disk if somebody tampers with the machine or tries to enter a password too many times.
12.15.2007 12:51am
OrinKerr:
AnonLaw Student writes:
My hypo is this:
(1) Police ask a guy [Boucher] crossing the border to open his trunk. They find that he has a dead body #1 [kiddie porn Set 1] in the trunk. While examining the car, they also find a shirt that is covered in blood. When asked, the guy says "Sure, that shirt is mine." When the shirt is analyzed, the police determine that it has blood from missing person #2 [kiddie porn Set 2] in sufficient quantity to indicate missing person #2 is dead.
(2) The police obtain a grand jury subpoena requiring the guy to disclose the location of dead body #2.
Of course that's different: that's basically Hubbell, where the government was requiring the defendant to do the work of going through the possible evidence and select out the evidence of crime that implicates him. But in this case, the subpoena is not an order for Boucher to disclose the location of child pornography, which would establish all the elements of the crime on their own (existence, knowledge, and control). All the subpoena asks him to do is "open the lock" to his personal computer, which we know he knows.

More broadly, I'm really interested in the fact that so many readers think this issue is so easy! I think the general question of subpoenaing encryption keys is difficult if not impossible to answer because there is no Supreme Court case really on point; the general issue is in the gray zone amidst Fisher and Hubbell and Doe I and Doe II. I tend to think that the specific facts of the case make this more like Fisher than Hubbell. But either way I think it's hard: it's hard because the scope of Fisher and Hubbell and Doe I and Doe II are really murky. Given that, it's really interesting to hear that some readers think the issue is really pretty obvious and that it's clearly another Hubbell.
12.15.2007 12:59am
Mike G in Corvallis (mail):
In this case, Boucher can't even claim "look, I gave you the right password, it's not my fault if it won't open", since he opened it himself!

"OK, I give up. The password is 'arglebargle2' ... What do you mean it didn't work? That's the password I used when I unlocked the Z drive for the border patrol agents! Look, they're the ones who were messing with it, and they turned it off -- they must have altered something! Ask them what they did to screw things up! Boy, you know how finicky Windows Vista is about digital rights management issues -- I'll be lucky if I can ever access any of my files now!"
12.15.2007 1:28am
jim:

All the subpoena asks him to do is "open the lock" to his personal computer, which we know he knows.


Upon first reading, your description of the background did not seem to agree with the quoted statement, so I went to the linked file and read the judge's background description.

Upon reading that description, I see that the entire drive is encrypted with one key, which prevents officers from seeing the same exact files that they were given access to by Mr. Boucher previously. Thus, there is no further incrimination that Mr. Boucher can perform by demonstrating that he knows the password. That clearly makes the nature of delivering up the password different from what I (and I assume others) believed it to be.

Becoming aware of this fact doesn't make me suddenly do a 180 on my opinion, but I now see how it is a difficult case, not a seemingly obvious one.
12.15.2007 1:37am
JaredS:
This is indeed interesting to non-lawyers, so perhaps someone can help a non-lawyer out.

I get the impression in this discussion that being compelled to turn over a physical key is uncontroversial. However, this doesn't conform to my layman's understanding of the Fifth Amendment.

Let's say the police, legally searching a closet in my house that I share with my immediate family, find a strongbox. I know that it contains an unregistered handgun that I recently used to commit a murder and I alone know where the key is. If asked to turn over the key, can't I refuse to confirm or deny that I've seen the box before, let alone that I have the key for it? Wouldn't complying with the request be more incriminating than allowing the box to be forced open?
12.15.2007 1:55am
xDWuHAsF2RK:
According to the linked document, the subpoena directed Boucher to "provide all documents, ..., reflecting any passwords used or associated with the [computer]". If I were directed to provide all such documents for any computer under my control, I would have great difficulty finding all of them, and I have no reason to believe that all such documents are in my possession. Also, Boucher's entry of the password for the encrypted filesystem is neither required by nor sufficient to comply with this subpoena.
12.15.2007 2:17am
Paul Allen:

But note that Boucher was not being compelled to reveal the password; he was only being compelled to use it. I think that responds directly to Stevens' argument.


Since when can a person be subpoenaed to commit an act generally? Suppose the grand jury subpoenaed me with instructions to knit a sweater. Suppose that whether I could do this had evidentiary value. Would such a thing really be a subpoena? No. A subpoena is nothing more than the power to produce a person or an object in the grand jury room.

It is not the power to issue arbitrary instructions, however, relevant those instructions may be.

The government already possesses the hard drive, thus there is no longer an object or a person within scope of the subpoena powers.
12.15.2007 2:26am
RonPaul08!!!!:
This is why we need Ron Paul! It wouldn't be a problem in Ron Paul's America since he'd legalize child porn.
12.15.2007 3:20am
zooba:
The most on-point case is Doe v. United States, 487 U.S. 201 (1988), which held a person could be compelled to sign a document which purported to consent to turn over foreign bank records. Some of the relevant dicta from the majority/dissent involved the distinction of whether forcing a party to turn over a key to a safebox rather than the combination to a safebox is testimonial, with both sides seeming to indicate the combination would be testimonial. This of course is old dicta, but is still relevant.

Passwords seem to be significantly more testimonial than combinations. The real problem with analyzing the testimonial nature of passwords is that they can largely be anything. PGP, for example, allows very long passwords. Now that password could be a long random string of characters, or it could be "I am guilty of receiving child pornography having been shipped in interstate commerce pursuant to 18 U.S.C. 2252(a)(2)." or it could be "childpr0n" or it could be the name of a pet. These all possibly have testimonial qualities, but the possible range is pretty extreme and it is certainly plausible that some of the passwords could be incriminating. The problem is, the judge has no way of knowing what testimonial quality of information is in the password itself.

The solution to realize is that divulging the password is itself divulging a fact - the fact of whether or not the password contains factual information. This is of course, in similarity to the combination case, to the fact that the password unencrypts the files (like the combination that unlocks the door).

The other real problem for this will be if a court follows the HIIBEL V. SIXTH JUDICIAL DIST. COURT OF NEV.,HUMBOLDT CTY, 542 U.S. 177 (2004), in an analogous situation of being forced to disclose your name to your officer, held that "Answering a request to disclose a name is likely to be so insignificant in the scheme of things as to be incriminating only in unusual circumstances." This seemed to be something of a de minimis test for 5th amendment violations. However, the court was applying this to the incriminating prong, rather than the whole test or the testimonial prong. The evidence in this case is clearly potentially incriminating.

An interesting question would be to what degree use immunity would get around some of the issues. Could the prosecutor promise not to use the potentially incriminating password in the trial, but still get to use the files it decoded? Specifically, for fruit of the poisonous tree / use immunity analysis, can the good fruit of the non-testimonial aspects of the compelled testimony be separated from the bad fruit of the testimonial aspects?
12.15.2007 3:27am
Avatar (mail):
Mike G:

That was my point in a nutshell. At the end of the day, if they've never seen you open up the box, they can't prove that you can; the judge may be cross with you, but if you're insisting that you provided the password, and it's not functioning, what can they do? Throw the book at you for not cooperating, sure, but if all the nasty child porn evidence is sitting on the partition where they can't get at it, they can't try you for it, can they?

(Of course, we're talking about a pretty dim bulb here, if he went to the trouble of encrypting files and then nicely unencrypted them when asked; it's entirely possible that there was more CP in his cache or other places where they can nail him anyway. For that matter, if you encrypt a file, why the heck would you leave the file name as something that screamed "child porn in here!" And if the policeman asks you if you have child porn on your computer, the answer is "no, sir!", preferably followed by "I like older women, sir!")

I don't know that this is a particularly good case with respect to encryption, though. It's true that Boucher's providing of the password would be tantamount to admitting before the court that he had child porn on his computer. At the same time, he has already made that tacit admission when he accessed the drive the first time. Unless he's denying that he accessed the drive, and that the agents are lying about that access, he's already made that admission to the court. In essence, you can take the Fifth to refuse to provide testimony against yourself, but once you've provided that testimony, you can't retroactively take the Fifth like some kind of take-back.

Then again, this is just the subpoena. The government could still present a pretty strong case - i.e. "this guy had a video file on an encrypted hard drive with 'baby rape' in the title, we looked at it, it was baby rape, but now we can't get back into it because of the encryption and he won't fess up with the password." Police's word against perp's word, and the police can still present the hard drive with the encrypted files that caused them to become suspicious in the first place, no?

Ruling that one can refuse to enter a password on the Fifth would make computer forensics really, really hard, though. What would Officer Pike have done if there were a password on the whole computer, and Boucher said "I prefer not to provide that password on the grounds that it might incriminate me?" (Obvious answer, seized the computer! But then Boucher wouldn't be up on child porn charges...)
12.15.2007 3:33am
Public_Defender (mail):
I submit that any action whatsoever to the detriment of the client for the benefit of the state or its laws is likely to unravel the delicate social fabric of respect and respect for authority that holds the legal systems together.

This goes too far. I can't and won't advise my clients to lie, even if I know they thought they could get away with it. Also, I can't advise my clients to violate a court except under rare circumstances (for instance, where I plan to appeal the contempt citation to test the legality of the order).

The officer-of-the-court stuff means something. I think the dialog I gave above is the furthest I can go in dealing with an unjust but final order. My guess is that some prosecutors would say even that goes too far.
12.15.2007 5:30am
whit:
"The government went in to his house with an initial "no-knock" no announcement search warrant (I forget what it is called, but they didn't tell him they went to his house) and obtained a copy of his hard drive"

it's called a "sneak and peek" warrant. these are VERY rare, btw. i've read case law about them. i've never seen one (done scores of warrants myself), never talked to an officer who has written one, etc.

they are most commonly used in organized crime type investigations (such as above) and/or terrorism type cases.

my understanding is, especially in WA state, they are VERY VERY difficult to get.

PGP: i've seen only a very few cases where defendant's actually used PGP to encrypt their files. this boggles my mind, BUT in genereal people don't encrypt files that they should. this holds for everybody, not just criminals. people who are parole/probation etc. for child porn STILL don't usually use PGP. your average 14 yr old computer nerd (myself included) used PGP all the time. most people don't

according to my computer forensics guy, he SUSPECTs that maybe possibly some super high speed NSA type guys might have some way to break it, but that's just conjecture. if you encrypt it, us cops can't figger out the password (unless you use your daughters name like in wargames).

"Further, why is the Government going through all this trouble? As you said, they can already put the agents on the stand, have them describe the images they saw, and send the guy to prison."

because you have to prove the elements of the crime, namely that it IS child porn, not just porn. having some agents say "it looked like little kids" etc. might be enough to get a warrant for something, but it's not enough to prove beyond a reasonable doubt that said photos were in fact - child porn vs. say photos of young looking adults, etc.

also, wasn't the recent case about VIRTUAL CHILD PORN (compute generated images generated to look like child porn but that used no actual children) ruled that child porn laws could not be applied? i could be wrong on this, but wasn't that ruled legal?

so, even if the agents viewed photos of BABY PORN (it's pretty easy to establish that an infant is in fact below the legal age for explicit videos etc.), you would need to prove it was ACTUAL babies, and not computer generated. without access to the files, and just based on recollection, that's difficult (again, assuming my recollection about virtual child being legal ).
12.15.2007 5:59am
Sean M:
Interesting comment someone made above, Orin. The subpoena is, literally, to:

"provide all documents, whether in electronic or paper form, reflecting any passwords used or associated with the Alienware Notebook Computer, Model D9T, Serial No. NKD900TA5L00859, seized from Sebastien Boucher at the Port of Entry at Derby Line, Vermont on December 17, 2006."

Let's say he's never written down his password (not at all unlikely). Can't he comply with the subpoena by saying there are no documents that are responsive to the subpoena?
12.15.2007 7:46am
TruePath (aka logicnazi) (mail) (www):
I seem to remember a related issue coming up in the Kevin Mitnick case. In this situation I believe it was also determined that the 5th ammendment did not require the defendant to give up his harddrive password (under different circumstances) but not having the password the government was apparently succesful in arguing (or at least avoiding) having to turn over the encrypted contents to the defense for their use.
12.15.2007 7:47am
BP (mail):
So, once again if I am the defendant, I have two choices if some of the voices here are correct.

1) Turn over the password knowing what is on the drive and go to jail convicted of child porn and be dealt with in that manner.

2) Don't turn it over and go to lockup (or whatever is appropriate) under contempt.

Who do you think will be dealt with worse in prison? One way, you are a "dead" man and when you do get out, have to register every where you go for the rest of your life.

The other, you move on after spending the time in jail.
12.15.2007 7:56am
kehrsam (mail):
Perhaps the issue here is that the cops CAN decode the PGP, but imperfectly, and the files are damaged. And it was really good child porn that they didn't already have.

In all seriousness, I have to come down with the magistrate judge here. When I was in CrimPro the 5A mantra was tabula rasa: They could view the body, but never the mind. I see that there is more complexity to it than that by the other comments, but it still seems like a reasonable rule.
12.15.2007 8:16am
seadrive:
As a non-lawyer, the more I read this blog, the more I see case law as the practice of parsing the constitution ever more closely in order to give the government what it wants more often.

By the way, I have a PGP-excrypted "disk" on my laptop (my employer's laptop to be more precise) that holds many gigs of HIPAA protected info. I'm not giving anyone the pass phrase until told to my by company's general counsel.
12.15.2007 8:33am
bob clark (mail):
Orin:

You were correct about the attention this post would generate. (a previous email between Orin and me) I will definitely be including this issue in my black hat 2008 talk. From those who know me (as a govt hack who has never seen a bad search)(joking) I think this case was decided correctly under the knowledge of a combination vice producing a key argument. My question, if you have a biometric access device on the computer (eye scan or fingerprint scanner) can the govt grab your finger and forcefully place it on the computer? Seems it is like a key. But can you imagine some of the struggles the accused might use too avoid placing their finger down!!
12.15.2007 8:35am
Philistine (mail):

My question, if you have a biometric access device on the computer (eye scan or fingerprint scanner) can the govt grab your finger and forcefully place it on the computer? Seems it is like a key. But can you imagine some of the struggles the accused might use too avoid placing their finger down!!


What happens now if someone doesn't want to give a fingerprint--or (presumably after a Court order), refuses to submit to a blood draw/cheek swab/etc.?

Do they just go for contempt or is there forcible compulsion?
12.15.2007 8:52am
Crafty Hunter (www):
The fundamental moral issue is whether or not a man should be forced at gunpoint to issue information from his own mind to be used against him, whether it be in spoken or written language or in any *other* form of action, including moving his fingers across a keyboard. There is a sharp clear line between that which exists *outside* of his mind and that which exists only *inside* his mind. I certainly believe the magistrate to have issued a correct ruling under the Fifth Amendment, regardless of past contemptuous violations of the Fifth Amendment by other courts (including the Supreme Court).

For that matter, I consider it forced self incrimination to compel a man to provide *anything* that may be used against him in a criminal case, but that is (almost) another matter.

Having said that, I'm unhappy that this *would* have to be a hard case (what appears to be an actual pervert who gets his sick jollies from viewing child pornography). You know the old saying about hard cases tending to make bad law, not to mention rulings. Some arrogant nerts in black robes at a higher level are likely to rule that forcing a man (even a pervert) to help the State hurt him is "legal". :(
12.15.2007 9:30am
bob clark (mail):
by the way, yes I am aware that there is no Constitutional protection to your fingerprints and blood for identification purposes etc. what I'd like to know, because I don't think the case exists yet, is that case where a biometrics device was overcome by the non-consenting use of that individual's particular biometric identification. (ie) forcibly placing fingerprint on biometric device.
12.15.2007 9:41am
SeaDrive:
bob clark: How would the biometric id device be different from one person recognizing another by facial features?
12.15.2007 10:15am
Storage Container:
I've no legal expertise but I think the Judge is correct. I also have a different hypothetical that makes more sense to me:

Suppose the police stop me because they suspect that I'm dealing drugs. In a moment of panic I take them to a Storage Container that's full of incriminating evidence. The police briefly examine the Storage Container and find incriminating evidence. They then close the container and take me down to the station for questioning. Later, when they attempt to return to the Storage Container to fully inventory the evidence, they find that they don't have the right address. The police then try to force me to provide the address of the Storage Container that they know contains incriminating evidence. I decline the opportunity. The police know that I have a Storage Container full of incriminating evidence, I know that the police know about my Storage Container, but I'm under no obligation to provide them with the evidence to convict me. They had access to it, they lost access to it, too bad for them.
12.15.2007 10:19am
Fat Mam (mail):
Dean Vernon Wormer: Put Neidermeyer on it. He's a sneaky little shit just like you.
12.15.2007 10:34am
Public_Defender (mail):
What happens now if someone doesn't want to give a fingerprint--or (presumably after a Court order), refuses to submit to a blood draw/cheek swab/etc.?

Do they just go for contempt or is there forcible compulsion?


They use force. If a DUI suspect refuses a breath test, some cops will seek a warrant, and then forcibly take a blood draw.
12.15.2007 10:38am
Horatio (mail):
My understanding is that PGP is pretty much unbreakable without the password. To break PGP, you basically need to be able to find all of the factors of an extraordinarily large integer. If I understand it correctly, you could theoretically brute force it, but even with a massive distributed network (think seti@home) everyone would be dead before it was broken. There is no proof that there is no better way to find factors, but its generally accepted that no one has figured it out yet.

Actually, the advances being made in Quantum Cryptography, especially by Japanese computer scientists, will make PGP vulnerable in the very near future. Then cryptographers will develop methods for quantum encryption and the chase begins anew. It is a constant battle between those who want to keep secrets, and those who want to discover them.

Additionally, I believe a mathematician in Europe has submitted a proof describing a method of factoring very large prime numbers in a way that is revolutionary, and also defeats public key encryption. Don't have the reference, but "The Truth is Out There"

For an excellent layman's guide to all things cryptographic, check out Simon Singh's, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Finally for a hard core explanation of cryptography, read Bruce Schneir's seminal work, Applied Cryptography
12.15.2007 10:47am
bob clark (mail):
seadrive

remember the identifcation of a suspect by another party is not a violation of the 5th amendment, using a facial recognition program to help identify a suspect likewise is not an issue; it is the use of a "biometrics key" case that I'm waiting to see since this is a locked container. Again I am of the view that a MJ would analogize the fingerprint to that of a key opening a lock box.
12.15.2007 10:50am
Robert Reese (mail):
Crunchy Frog wrote:

"PGP is Pretty Good Privacy. It's not absolute, however, and given a powerful enough computer and a couple days number-crunching, it can be defeated."

From a technical aspect, this is an absolute and utter fallacy. All the computing power that has ever existed in the known world could not crack PGP in a couple of days.

There are versions of PGP that use a key-strength of 8192 bits, which is 2^8192, though most use anywhere between 1024 and 4096. Imagine, if you will, a wall of light switches. In this example we're going to use 4,096 light switches. These light switches are wired so that only when they are in the correct position (up/down instead of on/off) will it pass the current on to the next switch. The end result is that the only way to light the bulb at the end is for every light switch to be in the correct position.

To put in perspective the number of possible combinations, this number is greater than the number of seconds since our sun was born, or 1,044.39 followed by 1230 zeros. A "couple of days computing" ain't gonna cover it.

Now if you wanted to brute-force the passphrase, the total number of potential passphrases are 256^255, or roughly twice as easy as breaking the encryption itself. That easier number is this: 1.2623830496605862226841748706512e+614

Go ahead, brute force it if you want. ;c)

Cheers,
Robert Reese~

A PGP user (and computer security professional) for more than a decade.
12.15.2007 11:09am
Christopher Cooke (mail):
Having read all of these Supreme Court cases at one time (Doe, Fisher, Hubbell) and the Magistrate Judge's opinion, I think he got it right, but this is a close case because it is the first. I think, at bottom, someone' comment that you can't be made to reveal what is in your mind is exactly right (at least, the Magistrate Judge assumes that Boucher did not write it down).

And, I think the Magistrate Judge's reliance on Hubbell is apt: the government wanted to limit the immunity offered to Boucher for entering the password solely to the "use" --the unlocking of the hard drive ---but not the derivative use---the information gleaned from searching the contents of the unlocked hard drive.

As for whether Boucher has already "incriminated" himself so much that this will add little to the evidence already possessed by the government: if so, why does the government want him to enter the password? This doctrine is a narrow exception to the Fifth Amendment that essentially says there is so little to be learned from the compelled information, it really is not a significant infringement on the defendant's rights. It is somewhat akin to the inevitable discovery doctrine in the 4th Amendment context, in that it posits showing that the government already knows or has an independent means of learning, virtually all of the information.

The problem with the doctrine here is not, as the Magistrate Judge says, that this only applies to documents (although, he may be right in terms of the cases that have allowed its use). Rather, it is that the government does not already virtually know everything that is on the hard drive (that is why they want to search it) and they need to the digital images of the child pornography the agent already viewed (what they already know to exist) in order to make an airtight prosecution against the defendant by proving that it is in fact digital images of sexual acts involving minors, and that he possessed them.

Also, as a factual matter, I am not sure Orin is correct when he states: "All the subpoena asks him to do is "open the lock" to his personal computer, which we know he knows. "

The opinion states that the agent at the station did not see Boucher enter the password the first time he showed them computer files. If that is correct, then, how do we know that Boucher knows this password? When the customs agent originally detained him, and booted up the computer (which could have been on standby) and noticed the pornographic images, the password already must have been entered by someone (not necessarily Boucher). That is why the agent was able to view the pornography at the customs inspection site. So, yes, you are forcing Boucher to admit that he knows the password if the court were to order him to enter it.

This doctrine --foregone conclusion--- should not be confused with waiver of the 5th Amendment. Some may say: well, hasn't he already told them everything? Here, Boucher waived his 5th Amendment initially when he spoke to the agents, so those statements he made, and information learned from them, can be used against him. But, this does not mean that he can be forced to repeat what he said to them. He can't. That type of waiver would only occur in very limited circumstances, such as when someone has already testified under oath. And, in those circumstances, the waiver extends only to the specific subjects on which one has previously testified. Cases agree that you can refuse to answer different questions than the ones you answered previously.
12.15.2007 11:32am
Brett Bellmore:

what appears to be an actual pervert who gets his sick jollies from viewing child pornography


Really? I dare say that the evidence we have is more consistent with somebody who gets his jollies looking at pictures of adult women, but who uses image grabbing software to download ALL the picture files available at porn sites, and then sorts through it off-line at his leisure:


Agents asked Boucher if there was child pornography in the computer, and Boucher said he wasn't sure; he downloaded a lot of pornography on to his computer, he said, but he deleted child pornography when he came across it.


Doing that, it's a statistical certainty that you'll download child porn occasionally, and entirely plausible that you'd have some lurking in a directory you hadn't sorted through yet, even if you had no interest in the stuff.

I dare say the guy didn't realize when he first let the officers look through his drive that the law would not view this sort of relatively innocent circumstance quite the way he did, and got quite an education on the subject when he got around to talking to a lawyer.
12.15.2007 11:32am
Storage Container:
One more thing... I think the comparison of the hard drive to a safe is inappropriate. The hard drive is more akin to a warehouse as it is a "Data Warehouse" - it has vast amounts of potential evidence compared to the meager amount that a safe might contain. The file directory hidden behind the PGP tells the user where each "shipping crate" is housed, it's a map to their location. If you want to search my warehouse then I can't stop you but I don't have to tell you where each piece of potential evidence is... do I? If you want to search my "data warehouse" then go ahead, kick in the door and search to your heart's content but don't expect me to tell you where all the loose floorboards are, which crates contain secret compartments, and which heating ducts lead to hidden rooms.

If we use the safe analogy then asking for the PGP key, and subsequently the file directory, is more like asking for the vault combination and then demanding to know in which of the billions of "safe deposit boxes" the evidence the police want is stored.
12.15.2007 11:33am
George Henderson:
Why does every Orin Kerr analytical post (which I do look forward to), go something like this: "This is a hard issue, but I tend to think [that the government wins.]" This case, the 4th Amendment "Only Comes Out At Night" (i.e. read Cuddihy), the officer tasering the guy was reasonable, the Warshak case, heck, Scalia's decision Hudson v. Michigan was supposed to be "deeply rooted" somehow, as if every criminal procedure treatise didn't have to add a new section about whether the case means you can balance away the application of the exclusionary rule with 1983 violations.

Which leads me to my other question, I don't mean this to be mean spirited, but if the Volokh conspiracy is supposed to be a "Libertarian Law Blog," how does its most voluminous poster always agree with such government curtailments?

I understand law is not ideology. I understand legal libertarians don't tend to root their beliefs in such "natural rights," since they know this is a blank check to judges. But it doesn't seem to make a lot of sense to me. And for the sake of the ivory tower, I don't see as much neutrality in the legal analysis as you would from the average briefed filed by the U.S. Attorney's office.
12.15.2007 12:27pm
George Henderson:
Apologies for the last sentence. Should read: "I see about as much neutrality in Orin's legal analysis as one might find in the average brief filed by the U.S. Attorney's office."
12.15.2007 12:29pm
el duderino (mail) (www):
Interesting story, even more interesting comments.
From a decidedly non-law perspective, by demanding Boucher’s password the government is forcing Boucher to reveal ostensibly incriminating images and therefore that demand would seem a violation of the 5th amendment.
But how is this different from demanding an actual brass key to a locked file cabinet, the address to his vacation home or any other datum that upon inspection may further incriminate him? Which brings us to the difference between testimonial and non-testimonial acts. I tend to agree, for what it’s worth, with Orin that requiring Boucher’s password is non-testimonial and therefore not a privileged act of production.
In the end, I think the court decided well by applying the 5th amendment a little more broadly. In Boucher’s instance would 10, 100 or 100,000,000 images confirm his guilt? Correct me if I’m wrong, but one image of child porn is enough to send you away. If absolutely necessary for the government's case, I'm sure they have resources that would give them access to the incriminating data without violating the 5th amendment. If at the end of the day this perv is in PC for the rest of his life and our 5th amendment remains inviolate, I think we can all rejoice in system that worked. This time anyway.
12.15.2007 1:15pm
cat scan:
Can a person be compelled to lie in a CAT scanner that measures brain activity while images are shown to the person? Can, at the same time, the person be compelled to keep their eyes open? Probably, in both cases. However, can the person be compelled to focus on the images? If that can be measured, probably yes. In the same way that a person can be compelled to position a finger in a fingerprint device, a person can be compelled to provide physical evidence.

Now, if a password is written in a security copy, can someone be compelled to disclose where the security copy is?

No, as that would be testifying. Can the person be compelled to give a notebook that may be suspected to contain the security copy where the password is written? Yes, as that is physical evidence.

Further, as to the act of someone testifying, a testimony may have two distinct goals: (1) corroborating something that is already known, or (2) providing something that is not known beforehand. Which case does the Fifth Amendment protect against? Both cases, seems to be the judge's conclusion in this case. I find no technical fault in this argument, as both cases correspond to providing "information" in the technical sense -- information, in Shannon's definition, is that which is not expected. If it would be expected, there would be no reason to ask for a testimony (for example, the password was found written on the back of the laptop and it works to open the files).
12.15.2007 1:17pm
Oren:

PGP is Pretty Good Privacy. It's not absolute, however, and given a powerful enough computer and a couple days years number-crunching, it can be defeated.



If absolutely necessary for the government's case, I'm sure they have resources that would give them access to the incriminating data without violating the 5th amendment sometime in the next decade



Fixed it for you guys. This is assuming a large supercomputer.

If he hadn't opened his big mouth, he'd be fine. Serves him right for talking.
12.15.2007 1:28pm
Oren:

Which leads me to my other question, I don't mean this to be mean spirited, but if the Volokh conspiracy is supposed to be a "Libertarian Law Blog," how does its most voluminous poster always agree with such government curtailments?

We went over this a little while ago but there is no Libertarian Pope and certainly no reason to impute that any particular point of view on a legal case is incompatible with Libertarianism.


I understand law is not ideology. I understand legal libertarians don't tend to root their beliefs in such "natural rights," since they know this is a blank check to judges. But it doesn't seem to make a lot of sense to me. And for the sake of the ivory tower, I don't see as much neutrality in the legal analysis as you would from the average briefed filed by the U.S. Attorney's office.


OK is not required to be neutral.
12.15.2007 1:33pm
Mars vs Hollywood:

In Boucher’s instance would 10, 100 or 100,000,000 images confirm his guilt? Correct me if I’m wrong, but one image of child porn is enough to send you away.


Just a thought, but child porn users tend to operate in networks, where they trade images with others. The police may be interested in tracking the images to see where they came from, where they were downloaded from, etc. Sometimes a particular image can be used to locate children who are missing. So additional material on the disk could be useful for reasons that have nothing to do with stacking charges on Boucher (though it would be useful for that as well).

Also, so much energy in these comments is being used to discuss whether the password is the same as a key or a combination. What this ignores is that a safe (whether it uses a key or a combo) can be physically defeated. Based on what the IT guys are posting here, PGP encryption can't be. So the police are being prevented from conducting a legal and proper search.

In a perfect world, the solution might be to jail Boucher on contempt until such time as he either unlocks the disk or the police are able to crack it. As one of the other posters put it, "thiscangoonforeverchump". :D
12.15.2007 1:45pm
Dave in Mount Prospect:
Christopher Cooke, I wanted to agree with what you posted about revealing that the defendant knew the password. As you said, the opinion states, "Agent Curtis did not see Boucher enter a password to access drive Z." There is nothing in the opinion which states whether or not there was evidence that the laptop was in sleep or hibernate mode when the customs agents first turned it on. If this were the case, it is possible that the defendant did not enter the password and so it isn't a certainty that the defendant knows the password.

Unless it can be shown that the defendant actually entered a password during the encounter with the custom agents, it would seem that forcing him to enter the password now would in fact reveal what is in his mind.
12.15.2007 2:04pm
Oren:

In a perfect world, the solution might be to jail Boucher on contempt until such time as he either unlocks the disk or the police are able to crack it. As one of the other posters put it, "thiscangoonforeverchump". :D


Speak for yourself but I consider that world quite a bit less than perfect! The right to hide incriminating evidence from the police is fundamental, without it, every personal matter is liable to be 'inspected' by the state on the flimsiest of evidence.
12.15.2007 2:05pm
Oren:

Unless it can be shown that the defendant actually entered a password during the encounter with the custom agents, it would seem that forcing him to enter the password now would in fact reveal what is in his mind.


If I were his lawyer, I would advise him to get http://en.wikipedia.org/wiki/Psychogenic_amnesia as soon as humanly possible. Perhaps we could just shorten it to "the Gonzales defense"?
12.15.2007 2:08pm
Oren:
Link came out wrong: should be

stress induced retrograde amnesia
12.15.2007 2:12pm
Horatio (mail):
A question for the lawyers/professors:

When does incarceration for contempt of court become cruel and unusual punishment? I recall when Elizabeth Morgan refused to disclose the location of her daughter in a custody battle and was incarcerated for quite some time
12.15.2007 2:17pm
TUB (mail):

Prof. Kerr--it seems that everything depends on the fact that: "we already know he knows the password"; i.e., he already entered it and the police can testify to that.

Fine. The police can testify, the defendant picked up the computer, typed in a password, there was porn on the hard drive, etc.

But shouldn't we appreciate that there some space between that (i.e., the testimony--SOME evidence that the computer was his), and the defendant's entry / revelation of the password?

Maybe it's splitting hairs, but: "we already know he knows it" is not really accurate. We already know the police will testify the defendant entered a password. That's all. He can say they're lying, or whatever.
12.15.2007 2:18pm
Jesse Wendel:
Jetico's BestCrypt program for many years has had hidden encrypted partitions within the same partition.

With password A you get to foo A which you want protected.
With password B you get to foo B which you want to give up to law enforcement. The moment any change is made to any file in foo B, all of foo A is randomized, unrecoverable, and appears to any search to simply be random noise within foo B.

As you have a valid backup of foo A off-site and very safe somewhere, you don't ever have to worry about a search. Give them password foo B and smile, smile, smile.

If you really want to make it interesting, make them fight your counsel for a while before giving up password foo B.
12.15.2007 2:22pm
Oren:
JW - TrueCrypt does the same thing, is free and is certifiably secure in that every security nerd in the world has attempted to find weaknesses in it.
12.15.2007 2:51pm
tvk:
I would be inclined to agree with your analysis except that the Supreme Court has drawn the distinction between the key to a safe and the combination to a safe. Here, a password to a computer is--in my mind--indistinguishable from the combination to a safe. Unless you deal with this language I don't see how the analysis could work.
12.15.2007 2:57pm
mrsizer (www):
Mr. Bellmore makes a good point. In fact, I've written a program that does just that: Give it a URL and it will crawl from page to page and download any jpg file over a given size. To avoid name collisions, it renames the downloaded files to just numeric values.

Do I have any kiddy-porn on my computer? Not to my knowledge, but I haven't looked at every file on my computer. Do I have files on my computer that have incriminating filenames? No.

Another possibility: The computer is used as a node in a file-sharing network and the guy has no idea what's on it - names or data. This seems entirely possible and completely legal (and presumes he is innocent, we're supposed to do that, right?) Having an encrypted hard-drive does not mean he is guilty.

Another possibility: His computer has been compromised by someone and is being used without his knowledge. This happens all the time. It has happened to me - I have the FBI file to prove it; thankfully it was a credit-card phishing scheme not child-porn.

If I were in either situation - or even suspected I might be - I would not reveal my password, either. Lord only knows what they would find on a random node of an trojan driven file sharing network. Even if there is no porn at all, I'd rather not fight with the music or movie industry, either.
12.15.2007 3:22pm
Bob M - Chicago (mail):
As a non lawyer, my question is, what would be the answer if you continued the analogy of the safe combination.

An officer asks you to open a safe, you comply. He sees stacks of material in the safe and examines one or two items and finds that they are child porn.

He replaces the items and then shuts the door to the safe. They cart away the safe and now say, "Hey, we can't get back in! You have to open the safe for us again."

I would assume he doesn't have to. How is this different from that?
12.15.2007 3:23pm
mrsizer (www):
The problem underlying the scenarios above is that the "it's like a safe" analogy is flawed: If one owns a safe, it's generally small and one is generally the only person - or part of a small group - who puts things in it.

A computer connected to the Internet is not like that at all. Things can be on it without one's knowledge of what they are or how they got there (although I wouldn't want to explain it to a jury - based on my experience the more one knows about the case's subject, the less likely one is to be selected for the jury).

It's more like rummaging through the dumpster of a gated apartment building: Just because you know the combination to the apartment complex doesn't mean you were the one who put any particular item in the dumpster.

I, personally, can not afford the lawyers or the time to try to force that logic through the court system. I'd shut up.
12.15.2007 3:29pm
mrd (mail):
My understanding of encryption software is that it physically changes data files so that they are no longer the same data. The z drive therefore no longer contains actual child pornography in it's present state, it is just random binary code. Without a correct passphrase and a known algorythm there is no child porn and never will be. Does this have any bearing on this case?
12.15.2007 3:37pm
mitigator:
I am a software engineer who works, among other stuff, on crypto systems.

It appears to me that the whole issue of self-incrimination by divulging a cryptographic key is one which the jurisprudence will have to deal with, in a manner much more focused than it appears to be at the moment, in a very near future. I also assume that in the present political climate, it will be possible for the "law enforcement galaxy" to pull the equilibrium to a point where the mere refusal to divulge the memorized key will be an offense in itself (cf. UK RIPA).

This is where things will get interesting.

Allow a digression: more and more, well-designed crypto-systems provide for (an optional) "two-pronged" protection mechanism: a memorized cryptographic pass-phrase (from which a "first half" of an encryption key is derived by a specific software algorithm) and a "key-file", recorded on some computer-readable medium (a mini-CD, for instance) from which a "second-half" of the key is derived. Both must be provided in order to decrypt the disk or the file, and in addition, there is no method whatsoever to determine if the pass-phrase is correct or not if the key-file is missing: the encrypted content remains safe.

If such a product is used, one can imagine the accused who, upon receiving the formal demand for the decryption pass-phrase responds with a phrase (any phrase!) and a recently microwaved CD with the explanation that at some point in time prior to being served the demand he performed the electronic equivalent of paper-shredding by destroying the CD with the key-file. Yet, unlike the paper analogy, the digital content would still be both unavailable to the accuser and available to the accused - perhaps he did not use the key-file at all, and the correct pass-phrase is still safe between his ears. However, there is absolutely no way (short of torture) for the accuser to prove this.

This might lead to the same treatment that an accused might be exposed to for the destruction of evidence (prior to ever being asked to produce it!), but, I would think, not to the contempt for refusing to divulge the crypto key. I would also expect that it would be difficult to prove that the "shredded" material was incriminatory without some independent evidence that established that the accused must have been in the possession of such material.

mitigator
12.15.2007 3:41pm
Dave in Alexandria (mail):
"Me protests that thou dost think too much."

John had it right and stuff: "I think the Fifth Amendment basically allows you to shut up and go limp until you are convicted or acquitted.

The government can take stuff from you (keys, blood, even stomach contents) but they can't make you say anything or do anything. Is there any case law out there that requires a person to talk or act?"
12.15.2007 3:43pm
OrinKerr:
George Henderson,

I think I responded to your comment a few weeks ago here.

More broadly, I don't think your characterization of my view is accurate. Sometimes I agree with the government (the Minnesota case you mention, this case). On the other hand, sometimes I don't (Thogsophaporn, Grubbs, Danforth, McCreary, Brendlin, the NSA domestic surveillance program, etc.).

Of course, it may be that I agree with the government more often than you do. But that's what's great about comment threads: You can show me where you disagree, and I can learn from your comments. I think that process works pretty well, but then of course you may disagree.
12.15.2007 3:51pm
Oren:

My understanding of encryption software is that it physically changes data files so that they are no longer the same data. The z drive therefore no longer contains actual child pornography in it's present state, it is just random binary code. Without a correct passphrase and a known algorythm there is no child porn and never will be. Does this have any bearing on this case?


No. All encryption presupposes the existence of "plaintext" - the original data that is the input to the encryption process. The encryption process is then (plaintext)+(key) --->ciphertext .

It's quite a tortured interpretation to say that the ciphertext does not 'contain' the plaintext - it clearly does. It is also mathematically certain that there exists a reverse transformation that unambiguously recovers the plaintext (or else there would be no point).
12.15.2007 4:03pm
Oren:

My understanding of encryption software is that it physically changes data files so that they are no longer the same data. The z drive therefore no longer contains actual child pornography in it's present state, it is just random binary code. Without a correct passphrase and a known algorythm there is no child porn and never will be. Does this have any bearing on this case?


No. All encryption presupposes the existence of "plaintext" - the original data that is the input to the encryption process. The encryption process is then (plaintext)+(key) --->ciphertext .

It's quite a tortured interpretation to say that the ciphertext does not 'contain' the plaintext - it clearly does. It is also mathematically certain that there exists a reverse transformation that unambiguously recovers the plaintext (or else there would be no point).
12.15.2007 4:03pm
xDWuHAsF2RK:

We already know the police will testify the defendant entered a password.

No. According to the subpoena, "Agent Curtis did not see Boucher enter a password to access drive Z".

The judge's opinion, the original post, and nearly all of the comments posted here so far have ignored the fact that the subpoena only directed Boucher to "provide all documents ... reflecting any passwords ... associated with the [computer]". As I stated previously (although somewhat more concisely), Boucher may be able to comply with this subpoena without disclosing the password to the court, and Boucher may be able to disclose the password to the court without complying with the subpoena.

The only issue I see in this case to which the Fifth Amendment is relevant is whether, after providing some set of documents to the court, Boucher can be required to declare under oath whether or not he believes that he has complied with the subpoena.

Also, note that the phrase "he believes that" cannot be removed from the preceding sentence: one frequently recommended method of generating a difficult-to-guess password involves taking the first letter of each word in some easily remembered sentence, then mangling the sequence of first letters slightly (substituting "2" for the first letter of "two" and its homophones, changing lower-case letters to upper-case and vice versa, etc.). If the password was generated by applying this method to a sentence in a published book, the book is a document reflecting a password used with the computer, as specified in the subpoena. If this process was performed by a person other than Boucher, Boucher may possess a copy of this book and not know that it must be provided to the court under the subpoena.
12.15.2007 4:09pm
fishbane (mail):
Something I've long wondered about is related to this question. (I'm extremely technical, and very interested in law, but not an attorney.)

My laptop has four accounts on it - my main one, an administrative one, my SO's, and a guest account. I don't know my SO's password, but do know the administrative one, so I could theoretically get to her files. Both her and my accounts are stored in File Vault, a Macintosh transparent encryption facility.

Posit that I pass through customs (thus end-running the 4th), and am busted for something in my user account. Posit additionally that there's something illegal in my SO's home directory. I didn't know it is there, but due to having the administrative password, one could plausibly state that I had control over it.

Am I liable for that material, because I technically could have looked at her files?

What happens if that material is only uncovered after both the laptop and myself are back in the country - does the exception to the 4th somehow still apply to that data? What if they were separate disks, instead of just disk images? What if it were a separate computer that I had with me, but wasn't at the time used as a reason to arrest me?

To me, seems hard to draw a line between separate encrypted files, separate physical disks, and separate machines, from a technical perspective.

There are other cryptographic methods that I suspect will come to cause a lot of legal grief. For instance, there are methods for requiring n of m people to enter a password in order to decrypt a file (think of the 2 key security measures for launching missiles). Could a third party not (yet) under suspicion be forced to provide their password, if they might be incriminated in the contents? (I add the last, just to overlook, e.g., a storage lot opening a unit for cops under subpoena. )

I also wonder a lot of about duress codes - other's have speculated here. But if one password opens the encrypted partition, and another wipes it, what is the customs agent to do? They had suspicion, and they watched data being erased. Has the eraser broken the law? I could imagine saying that they were obstructing, but on the other hand, the agent asked the user to type something at the machine. It is even possible that such a scenario could play out in good faith, if, one password is 'Monkey' and the other one is 'monkey'. Typos happen.

I have to think that as average people become more crypto savvy, the law here is going to become insanely complex. Yay, technology!
12.15.2007 4:32pm
George Henderson:
Orin,

I do appreciate you responding, both to my post and to these in general. You definitely make yourself available and I appreciate it, even for just the opportunity to shoot ideas back and forth.

In re: the thread response you link to, well that's fine. I agree you should have whatever opinion you do. But I will agree that it is somewhat inconsistent with the notion of being a big "libertarian blog," but it's a different question whether (a) that's really what the Volokh conspiracy is, and (b) whether I'd be reading such a strict libertarian blog in the first place.

In terms of your views, there's no way I can just broadly characterize your opinions, though I also don't think it'd be fair to say you're value neutral on the subject. I think several of the cases where you're not pro-government (particularly Danforth and Brendlin) are straw men, considering Danforth has a few different sides and some of the discussion from David Stras on Scotusblog make the issue pretty clear (though the Justices could throw us a curve ball), and Brendlin was not only a 9-0 decision, but the CA S. Ct was so out of bounds that the SG didn't even file a brief in support of its position.

But anyway, yes I suppose the answer is just you "agree with the government more than [I] do," but it just seems that the analysis is portrayed far more value-neutral than it winds up being. And this is particularly important since you're one of the few well-researched voices in the computer crime area. You might disagree that there's a need, but I think we need a few more scholars to emerge in the area, and balance, to my mind, is one reason. In any event this isn't meant as a sharp critique, but just the off-hand thoughts of a long-time reader buried in the comments of a particular post. Thanks for all your work in these areas. Whether this comment exhibits it, I do enjoy reading (and agreeing sometimes and disagreeing other times) your work.
12.15.2007 4:40pm
Sean O'Hara (mail) (www):

If the NSA has any tricks to decrypt PGP (and it would be the NSA), it is probably just a weakness in the encryption that NSA can exploit to turn the extremely hard problem into a less hard problem


And if the NSA figured out a way to make breaking PGP easy, they would most likely issue a warning. Remember, spying is only part of their purpose -- they also want to protect American interests, which means making sure US companies have encryption strong enough that the Chinese and Russians can't crack it. If that means some American criminals have encryption that gives law enforcement fits, well that's an issue for law enforcement, not the NSA.
12.15.2007 5:03pm
OrinKerr:
George,

Your comments a re really interesting, and they bring out the limits of blogging. I'm not an expert in everything, obviously, and it's impossible for me to completely research each issue before writing a blog post on it. I would say that I would normally need to put in at least 40 hours of research into a typical "really hard" issue before being really comfortable with my answer; until and unless I do that, I just have tentative thoughts. (And sometime i change my mind well after 40 hours, of course.) I can do that for an article, but it's hard for a blog post, especially on a recent case. Given that, blog posts are usually the 30-minute or 1-hour first impressions of a case; I then try to figure out more in the comments.

I absolutely agree with you that it would be fantastic if more subject matter experts blogged. I have personally tried to get other profs to blog about recent cases, but I can't seem to interest anyone in this. The folks I have talked to generally say that they don't have time. Those that have time say that it's just too nervewracking to put your reputation on the line everyday on really hard issues; no one can possibly get it right every time, and when you flop you flop in front of everyone. I wish I could persuade them to change their mind, but I haven't succeeded.

Next up on my Xmas list is getting more scholars to emerge in the area of computer crime law. Please, please, please!
We really need it, as there's so much going on. (Plus, selfishly, it's like the old story about one lawyer in a small town not being able to drum up business but two being very busy.) I think we'll get more in the area as the Supreme Court starts to take these cases, but until then it's likely to stay a pretty small crowd.

A Post-script: Based on the oral argument, I think Danforth will probably lose 5-4. If you think the opposition to his claims are a "straw man," you might want to watch out for the majority opinion.
12.15.2007 5:16pm
AllenWho:
I find the comparison to DUI rather fuzzy logic. The right to drive is not a constitutional right, but rather a privilege that has stipulations about consent for breathalyser, etc., that you sign when you get your license.

Some of the other logic used is equally fuzzy. I find it very interesting that few have commented, lawyer and non-lawyer alike, on Boyd v. United States, 116 U.S. 616 (1886), (as mentioned in a post above) in which the Court held that the Fifth Amendment protected a party from compelled production of private books and papers.

Furthermore, I find it extremely interesting that a blog about legal matters fails to raise the issues of judicial, police and prosecutorial malfeasance and/or misfeasance. The "Actual Innocence Project" has proven to me, beyond a shadow of a reasonable doubt, that such exists. Then, too, there is the series in the San Jose Mercury News, "Tainted Trials, Stolen Justice" (Tainted Trials, Stolen Justice San Jose Mercury News San Jose, California Fredric N. Tulsky, Projects Reporter How Judges Favor the Prosecution In a fourth of jury cases reviewed ...
www.abanet.org/publiced/gavel/07/excerpt4.pdf) which shows that there is a tendency once a person is arrested, they must be guilty so the weight of the state is put behind proving it regardless of its truth.

Another point I'll make is that I find it extremely sad that, as far as I can see in the responses above, no one is discussing planted evidence used in retaliation or to extract vengeance by the police or third parties, a well documented fact.

On a final note, the whole "child pornography" hysteria reminds me of the Salem Witch trials. Yes, abusing children, or anyone for that matter, is wrong and should not be tolerated, but possession of pictures is not, in and of itself, abuse anymore than the possession of pictures of murder scenes and dead bodies from the mass graves of genocide is abuse. Sick? Most probably unless in a historical or documenting work, and even then there may be perverse hidden motivators that cause the studies to be done in the first place. Inciting abusive actions? Much, much harder to prove.

Does possessing Holocaust Denial literature turn one into a Nazi bent on destroying Jews, Gypsies, communists and others, as German law seems to say? Not in and of itself.
Actions taken to further the ideas are another story and can be treated just like any other abuse of the rights of others, and should be.

Too often, to me, the focus is in punishing wrongs rather than encouraging rights. Staying stuck in a reactive mode will allow far more tragedy than pro-actively raising our children to know right from wrong and act on it.

Thank you for your patience in reading this screed.

Allen
12.15.2007 5:31pm
AllenWho:
I find the comparison to DUI rather fuzzy logic. The right to drive is not a constitutional right, but rather a privilege that has stipulations about consent for breathalyser, etc., that you sign when you get your license.

Some of the other logic used is equally fuzzy. I find it very interesting that few have commented, lawyer and non-lawyer alike, on Boyd v. United States, 116 U.S. 616 (1886), (as mentioned in a post above) in which the Court held that the Fifth Amendment protected a party from compelled production of private books and papers.

Furthermore, I find it extremely interesting that a blog about legal matters fails to raise the issues of judicial, police and prosecutorial malfeasance and/or misfeasance. The "Actual Innocence Project" has proven to me, beyond a shadow of a reasonable doubt, that such exists. Then, too, there is the series in the San Jose Mercury News, "Tainted Trials, Stolen Justice" (Tainted Trials, Stolen Justice San Jose Mercury News San Jose, California Fredric N. Tulsky, Projects Reporter How Judges Favor the Prosecution In a fourth of jury cases reviewed ...
www.abanet.org/publiced/gavel/07/excerpt4.pdf) which shows that there is a tendency once a person is arrested, they must be guilty so the weight of the state is put behind proving it regardless of its truth.

Another point I'll make is that I find it extremely sad that, as far as I can see in the responses above, no one is discussing planted evidence used in retaliation or to extract vengeance by the police or third parties, a well documented fact.

On a final note, the whole "child pornography" hysteria reminds me of the Salem Witch trials. Yes, abusing children, or anyone for that matter, is wrong and should not be tolerated, but possession of pictures is not, in and of itself, abuse anymore than the possession of pictures of murder scenes and dead bodies from the mass graves of genocide is abuse. Sick? Most probably unless in a historical or documenting work, and even then there may be perverse hidden motivators that cause the studies to be done in the first place. Inciting abusive actions? Much, much harder to prove.

Does possessing Holocaust Denial literature turn one into a Nazi bent on destroying Jews, Gypsies, communists and others, as German law seems to say? Not in and of itself.
Actions taken to further the ideas are another story and can be treated just like any other abuse of the rights of others, and should be.

Too often, to me, the focus is in punishing wrongs rather than encouraging rights. Staying stuck in a reactive mode will allow far more tragedy than pro-actively raising our children to know right from wrong and act on it.

Thank you for your patience in reading this screed.

Allen
12.15.2007 5:34pm
Some Dude:
There's no such thing as a "biometric key". Biometrics can be used for identification, but using them for authentication is asking for trouble. In the hypo where the data is protected, say, solely by a biometric device that coughs up some decryption key when it identifies the owner, then it is very easy to defeat such protection. Unless, that is, the device is encases in a tamper-resistant package that can self-destruct when an attempt to tamper with it is detected, but this is really difficult to implement well, and sufficiently advanced labs can develop techniques to defeat any off-the-shelf such systems (and most ad-hoc ones too). Besides, most biometric devices are not so good that they can't be fooled with far, far less effort.

In other words: don't use biometrics alone. Use them only in combination with actual authentication mechanisms.

And yeah, they could force someone to put their finger to a fingerprint reader: knock them out, then take their finger to the reader and you're done. The clever thing would be to make the system self-destruct if the wrong finger is used, but if the suspect has ever been observed using the correct finger, then they are still screwed. A secret finger sequence (particularly one that changes every time it's used) would be akin to a password, thus providing an additional authentication measure.

This case is most interesting. I don't see how the defendant can be compelled to reveal their passphrase, or the cleartext of any encrypted files unless there is a statute that makes the consequences of failing to comply comparable to those of being convicted of the crime of which they were accused, which charges the prosecution needs the passphrase or cleartext in order to prove. Why? Because no matter what the defendant's lawyer tells him, as long as the defendant knows the truth of his legal situation then the defendant can just "shut up and go limp" as was mentioned by another commenter. This is not a matter of what the Supreme Court has or might say about any case like this one, except cases where such statutes exist and are at issue. Such statutes do not yet exist, but they might someday.

Thus I believe even if the magistrate's decision were reversed on appeal (that is, even if Mr. Kerr's view is correct or close to it) the worst that could happen to the defendant is still that he could (and most likely would) be found in contempt of court and sent to jail for a long time, but for much less time than what he might get sentenced to if convicted of the original charges. At least that would be the case under current law (note: not caselaw).

Cheers!
12.15.2007 6:15pm
Marian Kechlibar:
Finally some thread I can comment on. My field of study was algebra and cryptography, and I develop security software for living.

In this field, mathematics has overtaken legislative beyond any hope. Confronted with a bunch of randomly looking bits, you:

a) can say that these are truly random, and not result of any deliberate encryption

b) you can be telling the truth or lie, but there is no mathematical way of proving either version

c) you can produce a "key" that "decrypts" the file into anything (!!anything!!) you wish using the so-called "One-time pad". An "one-time pad" with adequately constructed key can turn your random bits into a picture of your pet - or kiddie porn, for that purpose.

d) you can claim that you have never seen the file (uh? that thingie? Must be from Maggie whom I borrowed the notebook back in Sydney ... she was blonde but I do not know anything else) and that you have absolutely no idea about its content.

Oren: I think you are a bit confused about the "plaintext" terminus technicus. From the techie point of view, this "plaintext" need not be human-readable or need not have sense. Anything you get from the decryption device after applying a "key" is a "plaintext". If the encrypted file contained some meaningful content, then one key (the one you encrypted with) will provide you with that meaningful content, and the rest of the possible keys (in a good cipher, at least) some other "plaintexts", which will be random-looking binary garbage. But they are correct "plaintexts" for those other "keys"; "plaintext" is not necessarily meaningful, it is just an input to the encryption mechanism with a given key. And you can have perfectly good technical reasons to encrypt random data too.

Finally, the PGP security: encryption algorithms that depend on finding divisors of big numbers cannot be cracked by brute-force, unless the keys are trivally short. The best candidates, Number Field Sieve and Quadratic Sieve (I have implemented both of them at my previous alma), fall miserably short, as the time and resources needed grow sub-exponentially with the length of the keys.

Horatio: you do not use the lingo correctly. Prime numbers cannot be factored into anything else than 1 and themselves. You probably mean the large moduli, not large prime numbers (large moduli consist of 2 or more different primes multiplied together). "The quantum computing" and "the quantum cryptography" are two very different things.

"The quantum computing" is a theoretical concept and AFAIK no one really knows whether it will ever be really possible, let alone practical. If it was real and practical, algorithms for it exist that could theoretically break PGP in reasonable time: but no quantum computer exists yet.

"The quantum cryptography" is an encryption scheme that can be used for a secure communication free from eavesdropping. It is realistic and already deployed in labs. However, it has nothing to do with PGP and cannot be used for PGP cracking.

Last but not least, no one knows whether the NSA can break PGP. I am inclined to think that they are not; but if they could, it would be entirely appropriate for them to publish this fact. After all, American companies use PGP to protect their sensitive data; and if it can be broken by the NSA, it might be broken by the Chinese, Russians, Israelis (all three countries are cryptography superpowers...)?

Greetings from Prague, the Czech republic.
12.15.2007 6:20pm
randal (mail):
a proof describing a method of factoring very large prime numbers

Really? I thought I was the only one. Go ahead - give me the largest prime number you know. I'll factor it instantaneously!

In fact, you can give me any large number, and I'll factor it pretty darn quickly for you, as long as it's prime.

(For the non-geeks out there - public key encryption is based on the difficulty of factoring large numbers, specifically large numbers which are the product of two large primes. Factoring primes, on the other hand, is trivial.)

(In any case, PGP Whole Disk Encryption doesn't use public key encryption, it uses standard symmetric key encryption, namely 256-bit AES.)

(Also, Robert Reese, the asymmetric keyspace - as in classic PGP - is sparse, so a 4096-bit key isn't as hard to crack as you're imagining. Very few 4096-bit numbers are valid asymmetric keys, and you don't have to check the invalid ones. 1024-bit asymmetric keys are considered pretty weak, whereas a 1024-bit symmetric key would be total overkill. The key in this case would appear to be a 256-bit symmetric key.)
12.15.2007 6:25pm
Marian Kechlibar:
Randal: I even can't think of any current mainstream symmetric block cipher that would use 1024-bit keys.

However, some extra paranoid software can use, say, 4 ciphers in sequence, giving 256 bit key to every one of them (say, AES, Twofish, RC6, AES again).
12.15.2007 6:38pm
Some Dude:
Usually encryption is used with a cryptographic message authentication code to ensure that you have the correct plaintext on decryption. If you want plausible deniability then you shouldn't use MACs. Of course, producing a "bogus" one-time pad as the decryption key requires having the cyphertext at hand if you want the plaintext to look innocent, and the defendant might not have access to it. Besides no one would believe that that is the correct key. More likely than not you are not using one-time pads in real life because they are so unwieldy, and instead use actual ciphers, evidence of which will exist on your computers.
12.15.2007 6:39pm
Marian Kechlibar:
Some dude: yes, one-time pads are unwieldy.

However, the real issue with encryption/decryption and the correct plaintext is somewhere else.

Let us say that your adversary creates a file with random contents on your disk, with size being a multiple of a typical block size, and names it "nekkid_kiddies.pgp", then claims that it was encrypted with your PGP key.

You absolutely cannot prove that it is NOT encrypted with your PGP key. You cannot prove that it is in fact random garbage taken from /dev/urandom by someone else than you...

You failed to provide "the key", you go to prison (courtesy of British RIPA) - sort of Soviet-like, or rather Kafkaesque situation...
12.15.2007 6:46pm
Marian Kechlibar:
Whoops, as I read my last comment, a portion of a sentence has fallen out, changing the whole meaning. It should read:

You absolutely cannot prove that it is NOT encrypted with your PGP key unless you provide the cops with your passphrase.

That is the real catch-22
12.15.2007 6:51pm
Some Dude:
Marian: I agree, but I believe that courts are likely not to stop at such an analysis, but to go on to look at the likelihood that some random octets are a ciphertext produced by you using tools found to be installed on your computer, and they will likely conclude that that likelihood is high indeed, at least in some cases.
12.15.2007 7:11pm
Horaio (mail):
Horatio: you do not use the lingo correctly. Prime numbers cannot be factored into anything else than 1 and themselves. You probably mean the large moduli, not large prime numbers (large moduli consist of 2 or more different primes multiplied together).


I stand corrected -this is what I meant - the product of two large prime numbers
12.15.2007 8:31pm
Oren:
MK, that's just a tortured view of the situation. There are two separate questions here that you are unnecessarily entwining.

The first question is whether given data can be shown to be ciphertext. The answer is a resounding no. It could be dev/random or whatever nonsense, as you say. Where you go wrong, I think, is in concluding that therefore we can NEVER show that any data are ciphertext.

Consider the most blatant case, you have TrueCrypt installed and it keeps a history of encrypted volumes and the file "Temporary Stuff Pay No Attention" was the last thing in the list. Furthermore, the disk access logs show that this file was created right after the TrueCrypt program was installed. (If you want to be more blatant, the gov't installed a screengrabber but not a keygrabber . . .)

I believe I've now established, beyond a reasonable doubt, that "Temporary Stuff . . " is indeed a ciphertext insofar as it is the encrypted output for some plaintext. It is now a mathematical certainty that, for some key, that ciphertext can be decrypted into the plaintext that was originally input into TC.
12.15.2007 9:19pm
Some Dude:
Oren: Exactly :)

MK: In Diffie-Hellman the modulus is prime. In RSA the modulus is a composite of two large primes. Thus not all moduli as used in crypto are composite. Also, let's stay away from quantum cryptography (those interested can search for the subject and figure out that QC is mostly snake oil: it's really only unauthenticated key exchange for point-to-point links [i.e., not end-to-end] and thus subject to man-in-the-middle attacks unless one adds "classical" cryptography to authenticate the key exchange, at which point one must wonder why spend money on something so revolutionary that it still requires the use of that which it was meant to replace).
12.15.2007 9:46pm
Riskable (mail) (www):
I've been reading these comments and I noticed that a lot of people fundamentally don't understand what a passphrase is. In the world of information security a passphrase falls under the category of "authentication". As in, Authentication, Authorization, and Accounting (AAA protocol).

There's many ways to go about authentication and a passphrase is one of them. Passphrases are typically referred to as, "something you know." So if your authentication mechanism requires a passphrase it is a single-factor authentication mechanism.

If your authentication mechanism requires two elements it would be called two-factor authentication. An example of this would be that you have to scan your fingerprint *and* enter your passphrase in order to be authenticated. This is a combination of "something you are" (fingerprint) and "something you know" (passphrase).

Since a passphrase is "something you know" then I can't fathom any instance, ever, whereby a person would be compelled to provide it without violating the 5th amendment.

Note: If a person doesn't actually know their passphrase and instead copies it from a piece of paper every time they enter it that would be "something you have" and NOT "something you know."

-Riskable
http://riskable.com
"To define a problem incorrectly is to ensure that it will never be solved."
12.15.2007 10:47pm
David W. Hess (mail):
Recent versions of PGP disk encryption can use 256 bit AES, 128 bit CAST5, or 256 bit Twofish as selected by the user when a encrypted disk is setup. None of these are vulnerable to prime number factoring or any publicly known attack short of brute force. The password is necessary to decrypt and mount the drive and it can only be recovered through a cryptographic attack, subversion, or coercion.

Truecrypt supports similar functionality with the addition of deniable hidden disks.

Operating systems like Linux and BSD support encrypted file systems at a very low level in software such that the password must be made available to complete the boot sequence and without it nothing of significance can be recovered.
12.15.2007 11:12pm
justwonderingby:
Allenwho:

"The "Actual Innocence Project" has proven to me, beyond a shadow of a reasonable doubt, that such exists."

And what of this?
12.15.2007 11:26pm
OrinKerr:
Riskable writes:
Since a passphrase is "something you know" then I can't fathom any instance, ever, whereby a person would be compelled to provide it without violating the 5th amendment.
Riskable, but doesn't the 5th Amendment often permit the government to force people to divulge what they know? Or do you adhere to a different view of what the Fifth Amendment should mean that disagrees with Fisher, Hiibel, Doe, etc.?
12.15.2007 11:44pm
ProctorOfAdmiralty:
I think John and Philistine are right, this is possibly not a fifth issue (though if it was then I don't see anyway of compelling the individual to provide the password as that is self incrimination). Also, though I can't quickly put my finger on it (and perhaps that speed is the mistake), I thought that the shoe bomber encrypted some data on his laptop that was cracked (was that not PGP and perhaps Windows 40bit encryption?).
12.15.2007 11:44pm
Avatar (mail):
Yeah, there is indeed also a problem with a judge incarcerating someone for contempt indefinitely because they will not decrypt a file - if that file was planted there by a third party and encrypted by a password you don't know (or, as a previous poster said, if it's random in the first place and can't be decrypted to anything), then even if you do provide your encryption password, it won't decrypt that file - and that's pretty much indistinguishable from you giving the wrong password to tick off the judge. Huge abuse potential.

So what can the government do here? Appeal, obviously. Institute a policy when an agents suspects encryption or another access control - once you get access somehow, DO NOT turn it off until you've sucked the data off the drive! But short of that, there's not a lot they can do. This case wouldn't have even come to trial had the defendant been slightly more intelligent (basically, not using filenames that showed evidence of child porn, not answering with "maybe" when asked about child porn, emphatically not decrypting something when asked.) Against our theoretical smart-enough perp, the agent examining the laptop would not have ever suspected the presence of incriminating material...
12.15.2007 11:51pm
randal (mail):
Let's be clear about one misconception that I've seen mentioned a few times on this thread.

Theoretically, it's true that encrypted whatever cannot be shown not to be pure random garbage.

Putting aside the unliklihood that a person has a partition of actual random garbage, it's pretty easy to show, in any real-life situation, that a given partition is not in fact garbage. Possible clues:

the presence of a program like PGP Whole Disk Encryption with configuration data pointing to the "random" drive

the presence of paths pointing to the "random" drive in various programs' Most Recently Used caches, like Media Player's

the presence old data in the page file or other detritus pointing to locations on the "random" drive

the presence of encryption metadata on or pointing to the "random" drive, such as block headers

It would be infeasible to make an encrypted drive look indistinguishable from a "random" drive unless you kept the access program off-box (like, on a floppy) and had an OS / apps that were guaranteed never to cache information from the "random" drive.
12.16.2007 2:00am
Mike G in Corvallis (mail):
A hypothetical: Who says the border agents are playing fair?

Never mind what he actually did say ... suppose Boucher were to say, "Hell no! I'm not giving you my password! I gave it to those @#$%&*! agents once to prove I didn't have child pornography on my computer, and then those lying weasels claimed that I did! I'm not going to give you guys the opportunity to plant incriminating files on my computer -- you've already proved to me that you're dishonest SOBs! Your Honor, why don't you have those lying officers strip-searched to see whether they're also carrying any bags of pot or coke to plant on innocent suspects?"

Note that in a real-world situation, the defendant might or might not be telling the truth. Does it matter? Should it matter?
12.16.2007 2:39am
Greg Smith (mail):
Long discussion to wade through here. Couple of things:

After reading the full background in the PDF, there's certainly reason to doubt as to whether this person is really guilty. The defendant's claim was that they download content in bulk from newsgroups. For those unfamiliar with the pornographic newsgroups out there (it's kind of old-school technology at this point), I assure you that it's an ugly place. If you point software that does bulk downloads toward them and let it go unsupervised, you could easily end up with illegal images like child pornography on your hard drive that you had no idea were there. The presumptions here seem to lean toward the defendant being a) guilty, or b) stupid. It's quite possible the reason this guy waived his rights was instead just unsophistication. What if he thought being honest would be in his benefit--that he'd get into more trouble if they found the illegal content he suspected might be there if he were evasive about it?

What's really troubling about this whole area is that there's all kinds of ways files can get on your PC without you knowing nowadays. Talk to any tech who cleans out spyware regularly and you'll discover how easy it is for people to get things they didn't want on their hard drive.

The background also is clear the defendant never typed the password in at the checkpoint. Forget about using amnesia as a defense; the obvious one here is for the defendant to say they don't know the password--that someone else has typed in before for them and at the border crossing the PC was still caching it--or that the one they knew has expired. You could easily setup something like this so that if the password weren't entered within some amount of time, the data was shredded.

Not knowing the password isn't even completely impossible. I would bet *most* encrypted laptop drives are setup that way to secure the data of that person's employer. For every person I know who uses PGP personally, I'm aware of thousands of people whose corporate laptop is given to them with encryption. In that case there can be areas the employee doesn't even have access to, that only a system administrator can get into. It's doubtful that's the case here (not a lot of companies are buying Alienware hardware) but it could be a possibility in a future case in this area.
12.16.2007 3:14am
mrd (mail):
No. All encryption presupposes the existence of "plaintext" - the original data that is the input to the encryption process. The encryption process is then (plaintext)+(key) --->ciphertext .

It's quite a tortured interpretation to say that the ciphertext does not 'contain' the plaintext - it clearly does. It is also mathematically certain that there exists a reverse transformation that unambiguously recovers the plaintext

I had no intention of using a "tortured interpretation" , but I think you are equating math with probability. There is a 100% chance that I can mathmetically transform any random number sequence you give me into a picture of "your cat" given the right algorithm and time. Math is infinite. The probability of such an action may be beyond reasonable doubt (the probability equates to a DNA finding raised on a logarithmic scale) but it is not beyond the boundaries of math. Every time you type in a key it may result in "plaintext". It just may not be the "plaintext" you were lookink for.
.
12.16.2007 4:23am
Mars vs Hollywood:

The right to hide incriminating evidence from the police is fundamental, without it, every personal matter is liable to be 'inspected' by the state on the flimsiest of evidence.

Maybe it's a semantic thing or maybe I'm misunderstanding you, but this seems wrong. If it were a "fundamental right" to hide incriminating evidence, then wouldn't the presentation of ANY evidence a person tried to hide, regardless of how it was found, be improper since it would violate this "right"? A right has to be enforceable, doesn't it?

I would argue that rather than a "right to hide incriminating evidence", we have a right to expect that the government has to make a case, follow specific procedures, and seek proper permission before searching for evidence or using it in prosecution.
12.16.2007 6:34am
Marian Kechlibar:
Orin 12.15.2007 9:19pm: it seems to me that your proof would work in real world court of justice.

Mathematicians and lawyers mean something very different by the same word "Proof" :-) I must admit that I am inclined to think in the mathematical meaning of the word...

Randal 12.16.2007 2:00am: I believe that a mildly Linux-savvy person could setup a Linux system to avoid most of the gotchas.

All: OK, during the night, another thought occured to me. Let us expect that Orins and Randals methods prove beyond reasonable doubt, that the file was in fact created by some encryption program. What if the defendant claims that the police corrupted the encrypted file by, say, turning the PC off incorrectly (ťherefore, some data was written down badly), and, as a consequence, he can no longer decrypt them themselves even with a correct password. It is often true for many encryption softwares: alter a single bit, and the whole container goes to hell.
12.16.2007 7:48am
Marian Kechlibar:
Orin 12.15.2007 9:19pm: it seems to me that your proof would work in real world court of justice.

Mathematicians and lawyers mean something very different by the same word "Proof" :-) I must admit that I am inclined to think in the mathematical meaning of the word...

Randal 12.16.2007 2:00am: I believe that a mildly Linux-savvy person could setup a Linux system to avoid most of the gotchas.

All: OK, during the night, another thought occured to me. Let us expect that Orins and Randals methods prove beyond reasonable doubt, that the file was in fact created by some encryption program. What if the defendant claims that the police corrupted the encrypted file by, say, turning the PC off incorrectly (ťherefore, some data was written down badly), and, as a consequence, he can no longer decrypt them themselves even with a correct password. It is often true for many encryption softwares: alter a single bit, and the whole container goes to hell.
12.16.2007 7:49am
byomtov (mail):
I have a different question concerning the 5th A.

Suppose, instead of computer files, we were dealing with seized documents in an obscure foreign language, or encrypted if you prefer. Could I be required to translate the documents? Or even to provide any clue to help them do so?

Why is this not analogous to this case?
12.16.2007 10:25am
Some Dude:
mrd: with one-time pads (unwieldy and unused) you could make any ciphertext look like any plaintext of the same size. In practice no one would believe the defendant if they produced a one-time pad as the decryption key. Excluding one-time pads then you are correct: to find an alternative key that decrypts a given ciphertext to a meaningful and harmless plaintext other than the original is computationally infeasible for modern ciphers -- such a key has to be computed at the time of creation of the ciphertext, and you need a cipher that can do that ("hmm, this plaintext is much shorter than the ciphertext, give us the other key!").
12.16.2007 12:37pm
Crackmonkeyjr (www):
Ken:
The issue you bring up about not being able to tell between an innocent person and a guilty person for purposes of forcing testimony is pretty much irrelevant. We already allow the government to force people to testify about things that we think that they know. The only situation where you don't have to testify is if it would incriminate you. For example, if I my parent/child/girlfriend/sibling/best friend kill someone and ditch a gun, the government can force me to testify as to where they ditched the gun, and if I refuse, they can hold me in contempt of court and throw me in jail.
12.16.2007 12:42pm
hattio1:
Just to comment on some previous posts. Several people have said the difference betwen the 5th and the 4th is that under the 4th the State can get things, but they can't force any action under the 5th. This is incorrect. For example, they can force you to appear for a line-up, they can force you to wear certain clothes, say certain phrases etc. Doesn't change my analysis that the magistrate was right in this case...but there you have it.
12.16.2007 5:39pm
nk (mail) (www):
What a nonsensical post. Can the State compel the defendant to tell them where he hid the body of the child he murdered? The Supreme Court answered that question quite a long while ago. And have you read the oral arguments in Miranda? Where the government conceded that the Fifth Amendment applied to "process" i.e. subpoeanas.
12.16.2007 10:35pm
David Schwartz (mail):
randal:

"It would be infeasible to make an encrypted drive look indistinguishable from a "random" drive unless you kept the access program off-box (like, on a floppy) and had an OS / apps that were guaranteed never to cache information from the "random" drive."

Nope, not true. It's not just feasible but trivial. The basic idea is that you have a single partition that contains a number of blocks. When you enter a key, it attempts to use that key to decrypt each block in turn. Whatever blocks you decrypt it links together to form the drive.

It can easily be rigged so that it is impossible to tell whether any given key decrypts all the blocks that lead to valid data. Each block instructs you to add a certain percentage of "nonsense data" to the list for all valid data you add, so every block could have produced the final state of the list.

Others:

Anyone who tells you they can destroy the data after too many invalid password attempts is lying. This is simply not possible with conventional hardware. The police will *definitely* make a complete image of the drive. They can always restore the drive to the state it was in when they seized it.

And even if the NSA can break PGP's whole disk encryption, they will never, ever take even the slightest chance that this will even be suspected. They would never risk that intelligence windfall for a mere criminal conviction. The last thing they need is even one guy going around saying that he protected some data with PGP and it mysteriously wound up being used as evidence against him. If people stop trusting PGP, they'll use something else, and that windfall goes away.

In any event, I doubt they can.
12.17.2007 1:48am
BenEnglish (mail):
David Schwartz:

The police will *definitely* make a complete image of the drive. They can always restore the drive to the state it was in when they seized it.

OK, that's true. But the previous two sentences:

Anyone who tells you they can destroy the data after too many invalid password attempts is lying. This is simply not possible with conventional hardware.

are overstated.

I use Flagstone drives. Perhaps they don't qualify as "conventional hardware" but they do erase an on-board key held in a PROM after 5 invalid attempts. Yes, the drive can be imaged by removing the platters and reading them directly but that image is encrypted and useless. After the PROM is erased, the data is inaccessible. There is an optional provision for a backup/admin account that can re-enable the user account passphrase or wipe the drive and leave it ready for re-installation as new.

Further, many marketers of drives encrypted in hardware make a big deal out of how their drives are instantly de-commissionable, ie can be instantly destroyed, thereby making the administrative processes involved in cleaning a drive prior to disposal painless. Those processes are a big time sink in some organizations and the ability to instantly kill all the data on a drive is a big selling point.

So, instant whole-drive data destruction is not just possible but common with some classes of hardware. I won't use anything less in my personal computers, even if that does mean I'll pay, given the recent tanking of the dollar, nearly USD$1000 for an 80-gig drive. I have two such drives that I've, thankfully, had since before the dollar started its recent swan dive; I only paid about USD$600 for each of mine.

If you want more info, Seagate's Momentus FDE, Stonewood's Flagstone, and other drives are examples of the type. I believe Enova is another maker. Poking around for RFPs in the .mil domain can reveal all sorts of interesting stuff about how this kind of hardware gets acquired and used.
12.17.2007 3:12pm
David Schwartz (mail):
Instant whole drive destruction is silly. The data is encrypted, so destruction consists of simply throwing away the key. You can store the key on a physical device and step on it just as easily.

If you trust the encryption to protect the data, there is nothing you need to do anyway. The data is encrypted and an attacker does not know the key.

If you don't trust the encryption, instant drive destruction is useless. The encrypted data is still there in the same form as it always was.

Instant data destruction = throw away the key
12.17.2007 8:46pm
Just Passin' Through:
Points for consideration: (1) If there were no right not to testify against oneself, such as stating passwords, then what's the limit on extracting the information? What torture is allowed to retrieve the information in an ordinary civil or criminal court case (as opposed to a security case in which there are no rules, the blathering of Hillary and others notwithstanding).
(2) Someone suggested that refusing to comply with a subpoena has less penalty than child porn. Don't count on it. It is contempt, and if I recall correctly, one can be held for contempt until willing to comply with the court's order or the stars fall from the sky, or both.
(3) Regarding 'document retention', one shouldn't trust anything so small one can't see whether it is still concealing something or not. Insuring document destruction means destroying the storage device, such as a hard drive, for instance, by submersing the entire thing in salt water and then tearing it apart, or melting it into a blob, smashing it with a hammer, etc. Whatever brings an end to the ability of that device to relay information that ought not be relayed.
12.18.2007 12:05am
BenEnglish (mail):
Just Passin' Through

(2) Someone suggested that refusing to comply with a subpoena has less penalty than child porn. Don't count on it. It is contempt, and if I recall correctly, one can be held for contempt until willing to comply with the court's order or the stars fall from the sky, or both

With all due respect, I believe whoever posted the original sentiment is more correct.

Going to jail for child porn is a death sentence in the sense that your life is over. If you survive the long time in jail (technically, the sentence for possession of child porn in some jurisdictions can be greater than the sentence for child molestation, but that's splitting hairs) locked up with a large number of men who will think ill of you because of what you're convicted of, you are then put into a society that brands you with a big scarlet letter, restricts your movements, subjects you to arbitrary punishments of varying sorts, and basically does everything possible to make sure you are unhappy and unsuccessful for the rest of your life.

On the other hand, if you're locked up for contempt, your time will be less hard for a variety of reasons. Your fellow jail inhabitants will have more respect for someone jailed for telling a judge to go jump in the lake than for a short eyes. You're likely to be held in a facility close to the court instead of a remote prison, thus enabling visits from family and your lawyers; this, alone, will likely make your time much less hard. The possibility exists that you'll be released if the judge changes his mind. The possibility exists that public pressure will influence the judge to change his mind; with a good PR machine, you could become a cause celebre for opponents of judicial overreaching. No matter what you're suspected of, few judges feel good about locking someone away for life without a trial. No matter how much of a hard case they are, the whole notion is inconsistent with any reasonable definition of justice. Sure, you could get a judge who cares nothing for justice and will happily keep you locked away forever for insulting his court but even in that case things could still change. Federal judges tend to be mature men; he could die in a few years. The judge who inherits the matter will have less emotion invested. The possibility arises, again, that you could be released. And if you are released, you're free, unlike someone who has served time for child porn who, despite the fact that they are out of prison, will be imprisoned forever without possibility of release by a patchwork of punitive statutes designed, despite their packaging as "public safety" measures, to continue punishing you in as many sneaky and demeaning ways as possible until the day you die.

No, I must respectfully disagree. Taking the hit for contempt is probably better than being convicted of this particular crime. (Insert some caveat about the possibility that your particular jurisdiction, your unique circumstances might cause you to reach a different conclusion; I recognize this possibility.)
12.18.2007 8:35am
TwelveOaks:
First let me say that I completely came across this post by random article reading and it's consumed much of my day and has provided for a number of interesting conversations at my office. I might be overstating the obvious however one thing that hasn't been considered is what else is on the Z drive. What of the possibility that it contains information relating to other crimes and nothing to do with child pornography. It would seem that the relevance of the 5th would be just in this instance. The other question that comes to mind is did they prove that the laptop even belongs to Boucher, while I am sure they did it raises the question of by simply being in possession of a machine that contains child pornography are you guilty? The comments about the biometric security raises additional questions. Cryptolex offers a device (Mobio) that uses fingerprints for authentication. The system can be configured to utilize a distress finger print as well. If your right index finger is the key for access and your left index finger is the key for distress this could trigger the corruption of the file. Understanding that at the point in which this would take place they would have made the image of the drive.

The reference to DUI and tests is probably not similar. While the laws will vary from state to state most states will suspend your licenses for refusing the breathalyzer. It is in rare cases from what I understand that someone would be under court order to allow blood to be drawn. I would imagine that this is typically in instances of death or horrible injury.

I also find that the idea that the state would suggest that should Boucher enter the passphrase himself they the jury could be instructed to bar that from their ruling. Right or wrong the judicial system is just as fallible as those serving on the jury. It could be very difficult for someone to believe that since you know the passphrase that you weren't also aware of the contents of the drive. Understood that yes files could easily be put on your machine that you aren't aware of.

One other question, what would happen if this laptop were his employers laptop. What nightmare would that bring upon his employer. Would they have to prove or disprove that they didn't put those images on the machine?
12.18.2007 7:37pm
jdege (mail):
For those who have been talking about how PGP can't be cracked, technically, that's true.

But I've read that doing a raw scan of the hard-drive, and attempting every string found as a possible key works in something like 40% of the time.
12.19.2007 4:44pm
jdege (mail):

mrd: with one-time pads (unwieldy and unused) you could make any ciphertext look like any plaintext of the same size. In practice no one would believe the defendant if they produced a one-time pad as the decryption key.

Envision not an encrypted file, but a encrypted device. It is allocated a fixed section of disk, and fills it with random numbers. The software mounts a virtual partition, given a pass phrase, displaying a directory structure that is stored, encrypted, in the allocated section of disk.

Now suppose that that there was a second virtual partition, stored in the same section of disk, accessed with a different pass phrase.

Impossible? No. There is widely-used open-source software that does exactly this. It won't magically create innocuous files for you, but it will give you two distinct virtual partitions, stored within the same encrypted disk sectors, accessed with different passwords, and without revealing how much, if anything, is stored in either, or whether there is one or two virtual partitions present.
12.19.2007 6:38pm
JJW72:
I found this article at CNet, and from what I read, the agent only found adult pornography and animated pornography depicting adults and children. If that's all they found, and he has no past history, then this guy isn't guilty of possesion of child pornography. I am not a lawyer, but with regards to sexually explicit depictions of minors, US Code 18, 2256, Paragraph 11 states as follows:



The term “indistinguishable” used with respect to a depiction, means virtually indistinguishable, in that the depiction is such that an ordinary person viewing the depiction would conclude that the depiction is of an actual minor engaged in sexually explicit conduct. This definition does not apply to depictions that are drawings, cartoons, sculptures, or paintings depicting minors or adults."



Many will call this guy sick, but if that's all he has on his laptop, he is no criminal.
12.26.2007 9:54am