The best part of this whole story is the unintended consequence of attack. Don't like someone, encrypt a zip drive with drivel, toss it in his car and call the cops. Say you saw him looking at what could be kiddie porn. The guy doesn't know the password. Life in prison. No excuse.
This applies not merely to Bob in Accounting that's a dick, but to everyone: Congress! Start sniping political enemies. A jump drive here. A hard drive there. Soon, you could have 6 or so Congressional individuals going to jail for a child porn ring. The Feds would think it's a great prisoner dilemma. No one's turning on each other. Again, anonymous tip claiming that the right honorable Representative Duggans was watching kiddie porn late at night in his office. The same tipster told the police that while he was jacking it he thanked Representative O'Connel for the present over the phone (make sure to wait for an actual call so there is evidence).
Sure, eventually all of this will die down. Until then, for $100 bucks and a few hours you can sit back, eat some popcorn and watch the system implode. Do it right and you'll get years of fun for everyone.
This would work for your average Joe, but not for Congressmen. Unless somebody more powerful than them wants them gone, they will have the resources to just deflect the problem. Honestly, how many politicians have you seen going to jail? Does it match the global % of population in jail?
That's not what happened here. Read the DOJ's filing.
* The accused admitted to knowing the password and refused to provide it, on the auspices of not wanting investigators snooping through his files. Only later did they claim to have "forgotten" it.
* Prosecutors entered into evidence multiple factual claims establishing that the accused knew the password; for instance: years of eyewitness testimony demonstrating the accused entering the password from memory.
Whenever you get to an alarming conclusion like "this means forgetting the password to your laptop means life in prison", chances are, you've missed relevant details.
A zip drive with no fingerprints of the person it supposedly belongs to? Not very convincing.
Also in this case the prosecution apparently has a bit more information than just "he did it":
A subsequent forensic exam of his Mac Pro computer revealed that Doe had installed a virtual machine ... the examiner found one image of what appeared to be a 14-year-old child wearing a bathing suit and posed in a sexually suggestive position. There were also log files that indicated that Doe had visited groups titled: “toddler_cp,” “lolicam,” “hussy,” “child models – girls,” “pedomom,” “tor- childporn,” and “pthc,” terms that are commonly used in child exploitation.
... The exam showed that Doe accessed or attempted to access more than 20,000 files with file names consistent with obvious child pornography... and that he used the external hard drives seized by Delaware County detectives to access and store the images.
This is an important constitutional issue! The subject may be deplorable, but the root issue is not.
If it is a "foregone conclusion", then they should have no problem convicting the guy without forcing him to testify against himself. If it is not a "foregone conclusion", then they have been lying and are illegally (unconstitutionally) depriving him of his freedom for months, without even charging him with a crime!
>Investigators say they know child porn is on the drives. His sister saw some of it and the suspect is said to have shown his family an illicit video, too.
So that's their basis for this "foregone conclusion" apparently. That at one point in time it was witnessed.
That is very dangerous logic.
The saddest thing in this is that it took child pornography to make the headlines, not political activism or journalism but the most despicable crime in our modern society.
It is not in fact settled law that unlocking an encrypted drive is testimonial. It's also worth remembering that the primary motivation for 5A is to prevent false, coerced testimony and torture; when SCOTUS eventually deals with this, they could find that no protected substantive rights are threatened by demands to unlock encrypted media.
We're unlikely to get it both ways: both a right to strong encryption without government interference and a right to defy court demands to decrypt specific files. But we'll see.
I think people are undervaluing this point. Sure, you can say he's probably guilty, but the entire point of a jury trial is to determine that!
"That guy's totally guilty" isn't a basis for any kind of prejudicial action - either you have enough info to try him, or you don't have enough info to hold him on suspicion.
I kind of agree that if the government had evidence to convict or even charge him of a crime the burden is on the government.
Though we all hate the underlying accusation and no one wants to protect this kind of activity, it is important that the government play by the rules. To do otherwise sets the precedent for future abuse on less heinous cases.
Even if they have enough testimony to convict him, they may be more interested in forensic clues about where he obtained his files.
Decrypting his hard drive may lead to other charges against other people. If he knows that he can incriminate others, he may be waiting for a deal.
They're playing hardball with him right now. After six months in jail, watch them offer him a deal if he unlocks the hard drive. He gets a firm but reduced sentence (including time served) and they get more bad guys.
(Why yes, I have watched too many episodes of Law & Order, why do you ask?)
I find this interesting, as I would almost certainly have forgotten my password by now; it only takes me 4-6 months of never using a password to forget it. So I wonder what happens if you can't decrypt your drives, due to honest forgetting from sitting in jail refusing to, or from some sort of dead man's switch or similar that drops keys after N days.
>... it's a "foregone conclusion" that illegal porn is on the drives, ...
Obviously not if the government needs the suspect to tell them where to find the porn in the keyspace. The porn at this point literally does not exist on the computer. The government is asking the suspect to find it for them there.
So the question here is: can the government compel someone to help the government find evidence against them?
This reminds me of something a Pakistani coworker said. He said that in the area of Pakistan he grew up in they had the best police force anywhere. There were no unsolved crimes. Someone always confessed...
So this is the same sort of thing. Torture someone long enough with indefinite detention and they will eventually come up with something to indict themselves with. There has to be something illegal in any well used computer.
Contempt is appealable, and in stories about appeals for long contempt sentences it appears that the likely sentence for the underlying matter is a factor. So, as a practical matter, this might mean that refusal to unlock a drive will net you the same sentence as if you were tried and found guilty for whatever crime was supposed to be on the drive.
No it doesn't. They found evidence on his computer that strongly suggests there is child porn on the encrypted drive, there are witnesses that claim "John Doe" showed them child porn and he admitted to knowing the password initially, it was only later he claimed he forgot.
Prosecutors need sufficient evidence to obtain from a judge warrants, and in this case a decryption order, before they can hold you in contempt of court.
Of course, the evidence required for a warrant is still typically less than what is necessary to convict. The issue here is something to do with fifth amendment rights, which honestly I don't know a lot about because I'm Australian.
I've travelled with encrypted drives where I didn't know the password before. (Forgot it & was bringing the drive to someone for their own use after formatting).
I agree with the overall idea that this is an interesting/problematic case, but I think the discussion would be better served if we stopped assuming that the authorities here are morons.
No, forgetting your password is not a lifetime sentence. No, not knowing the password for an item you've never seen is not a lifetime sentence either. Refusing to obey a judge's order, however, will get you in trouble. Again, these people are not morons, and if they say the guy is only pretending to have forgotten his password (a dishonest criminal? shocking), they might have a good reason.
The reasons are stated in the article (the suspect never mistyped his password, and always remembered it), and addressed by the commentators you criticize (under pressure and after seven months without typing it, it is not impossible that you forget a possibly complicated password).
Even if you think that chances are high that the guy both is guilty of some crime and remembers the password, that still leaves the "what if he is actually innocent and actually forgot his password" case. Indefinite prison sure seems a hard sentence in the latter case, which you cannot refute beyond reasonable doubt.
Apart from the obvious assault on the presumption of innocence here, is there a cryptographic file-system that stores a secret X and Y that given a key k_x would decrypt the content X and given k_y would decrypt the content Y without revealing to an attacker that there are multiple contents?
If yes, then one could store a real secret X and store a false secret Y, something that looks like a secret enough to be perceived as a secret. Then in case of torture, government persecution, etc, the victim could reveal only Y.
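The container silveira asks about is what deniable encryption aims at. The toy below is an added illustration, not code from this thread or from any real product: a container made of fixed-size slots that all start as random bytes, any of which may hold a volume sealed under its own key, so the container reveals neither how many volumes exist nor which slots are in use. The HMAC-based stream cipher, the slot layout and the key names are assumptions chosen for illustration only.

```python
import hmac
import hashlib
import secrets
from typing import List, Optional, Tuple

# Constructed toy parameters (illustration only, not a real on-disk format).
SLOT_SIZE = 256                              # every slot is always fully written
NONCE_LEN = 16
TAG_LEN = 32
BODY_LEN = SLOT_SIZE - NONCE_LEN - TAG_LEN   # 208 bytes of ciphertext per slot
MAX_DATA = BODY_LEN - 2                      # 2-byte length prefix inside the body


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one volume key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (toy, not vetted)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def new_container(slots: int = 4) -> bytearray:
    """All slots start as uniform random bytes, so an unused slot is
    indistinguishable from one holding ciphertext under an unknown key."""
    return bytearray(secrets.token_bytes(SLOT_SIZE * slots))


def put_volume(container: bytearray, key: bytes, data: bytes, slot: int) -> None:
    """Seal `data` into slot `slot`. The body is padded with random bytes to a
    fixed size, so the slot reveals neither content length nor occupancy.
    The owner must remember which slot each key owns: writing into a slot that
    already holds another key's volume silently destroys it, the same hazard
    hidden-volume designs warn about when the outer volume is written to."""
    if len(data) > MAX_DATA:
        raise ValueError("data too large for one slot")
    enc_key, mac_key = _subkeys(key)
    body = len(data).to_bytes(2, "big") + data
    body += secrets.token_bytes(BODY_LEN - len(body))
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, BODY_LEN)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    off = slot * SLOT_SIZE
    container[off:off + SLOT_SIZE] = nonce + ct + tag


def slots_for_key(container: bytearray, key: bytes) -> List[int]:
    """Indices of slots whose tag verifies under `key` (normally 0 or 1).
    There is no plaintext index: scanning with a key is the only way to find a volume."""
    _, mac_key = _subkeys(key)
    found = []
    for i in range(len(container) // SLOT_SIZE):
        s = bytes(container[i * SLOT_SIZE:(i + 1) * SLOT_SIZE])
        nonce, ct, tag = s[:NONCE_LEN], s[NONCE_LEN:-TAG_LEN], s[-TAG_LEN:]
        if hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
            found.append(i)
    return found


def open_volume(container: bytearray, key: bytes) -> Optional[bytes]:
    """Return the data sealed under `key`, or None if no slot verifies."""
    hits = slots_for_key(container, key)
    if not hits:
        return None
    enc_key, _ = _subkeys(key)
    s = bytes(container[hits[0] * SLOT_SIZE:(hits[0] + 1) * SLOT_SIZE])
    nonce, ct = s[:NONCE_LEN], s[NONCE_LEN:-TAG_LEN]
    body = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, BODY_LEN)))
    n = int.from_bytes(body[:2], "big")
    return body[2:2 + n]
```

In a real design the keys would be derived from passphrases with a password KDF, and the overwrite hazard is the part to remember: anyone who writes to the container without knowing every key can destroy a volume they cannot see.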
> His sister saw some of it, and the suspect is said to have shown his family an illicit video, too.
> Within the virtual machine the examiner found one image of what appeared to be a 14-year-old child wearing a bathing suit and posed in a sexually suggestive position. There were also log files that indicated that Doe had visited groups titled: “toddler_cp,” “lolicam,” “hussy,” “child models – girls,” “pedomom,” “tor- childporn,” and “pthc,” terms that are commonly used in child exploitation.
> The exam also found that Freenet, the peer-to-peer file sharing program used by Doe to obtain child pornography from other users, had been installed within the virtual machine. The exam showed that Doe accessed or attempted to access more than 20,000 files with file names consistent with obvious child pornography... and that he used the external hard drives seized by Delaware County detectives to access and store the images.
They have a pretty strong amount of evidence that what's in those drives will be CP.
I'm quite surprised that they can break Freenet but can't break FileVault (I remember reading an article about a Filevault master password that is short and brute-forceable but can't find it atm). I would have bet the other way around.
Freenet has only symbolic privacy protection for downloaders. Privacy is supposed to come from your node requesting not only blobs it is downloading for itself, but also blobs other nodes have requested from it. Unfortunately, as far as I understand, freenet's routing algorithm is such that these two classes of requests come from blatantly different statistical distributions. The further a requested blob is from a node's address the more likely it is the node is requesting the blob for itself. Another layer of protection is the blocks being encrypted, but if they are publicly published that can be changed with a bit of scraping.
What this means is that by running a single freenet node you can monitor half a hundred others. What's surprising is that it hasn't been done earlier. You don't even have to commit a crime to do it as a civilian.
This could have been avoided if freenet was hoisted on top of tor (not totally trivial because freenet runs over udp) or had an onion routing layer of its own. If the glaring privacy flaw was fixed freenet would have amazing properties which tor lacks, namely very safe and scalable (no dos unless you take down the whole of freenet) static hosting and non-realtime communication in general, and utter censorship resistance. Trying to figure out who has a blob only spreads it around more.
It's a shame the ideas behind tor and freenet haven't come together in a popular project.
This certainly points towards having more widespread support for plausible deniability, no? Are there any mass encryption tools that are reasonably simple to set up providing this (besides TrueCrypt Hidden Volumes)?
Would someone continue to be held in contempt if they furnished a decrypted drive that didn't contain the information that court held as a "foregone conclusion" that it contained?
Sections 49 & 53 of the RIPA allow for up to two years imprisonment for failing to provide unencrypted copies of key material. Not quite the same as life. Although I wouldn't be surprised if they managed to abuse it in this way.
Seven months imprisoned without trial and counting. The technicalities about contempt and hard drives are a distraction; the real injustice is that, as a routine matter, the US government no longer gives trials without extensive pre-trial punishment.
>The defendant, who is referred to as "John Doe" in court papers, claims he forgot the passwords. The suspect's identity is Francis Rawls, according to trial court papers.
> In fact, Doe had multiple layers of password protection on his devices, and he always entered his passcodes for all of his devices from memory. Doe never had any trouble remembering his passcodes (other than when compelled to do so by the federal court), never hesitated when entering the passcodes, and never failed to gain entry on his first attempt.
You could be lying. What is more interesting to me is what happens when you destroy the crypto key (usb token or a smartcard), so no one ever can decrypt it.
The exam showed that Doe accessed or attempted to access more than 20,000 files with file names consistent with obvious child pornography
Is nobody else alarmed that OS X apparently logs any and all (or at least 20k records) file accesses by default? This is way too many to be found in the HFS journal, so it's clearly intentionally logging all accesses.
Edit: They also appear to have been able to deanonymize the defendant's FreeNet usage, though this could have easily been OPSEC violations rather than technical shenanigans.
Ars Technica chose to illustrate this article with a perspective-distorted screenshot of md5-crypt-encrypted passwords, the entire point of which is to prevent the person who has the encrypted password from being able to decrypt it.
virmundi | 9 years ago
sametmax | 9 years ago
tptacek | 9 years ago
CPLX | 9 years ago
elcct | 9 years ago
So data has become new drugs ;)
Kristine1975 | 9 years ago
coreyp_1 | 9 years ago
INTPenis | 9 years ago
tptacek | 9 years ago
Bartweiss | 9 years ago
rubyfan | 9 years ago
officemonkey | 9 years ago
e40 | 9 years ago
akerro | 9 years ago
Guilty unless proven otherwise. That's what constitution says.
tetrep | 9 years ago
15155 | 9 years ago
This cannot exist on "dumb" hardware.
upofadown | 9 years ago
cauterized | 9 years ago
tptacek | 9 years ago
mmf | 9 years ago
Benjamin_Dobell | 9 years ago
Havoc | 9 years ago
probably_wrong | 9 years ago
hiq | 9 years ago
silveira | 9 years ago
rtkwe | 9 years ago
mrwizrd | 9 years ago
https://en.wikipedia.org/wiki/Deniable_encryption
jmnicolas | 9 years ago
htns | 9 years ago
cypherpunks01 | 9 years ago
BillinghamJ | 9 years ago
oarsinsync | 9 years ago
jimrandomh | 9 years ago
maremmano | 9 years ago
chopin | 9 years ago
INTPenis | 9 years ago
xaduha | 9 years ago
ommunist | 9 years ago
vox_mollis | 9 years ago
ommunist | 9 years ago
kragen | 9 years ago
joshfraser | 9 years ago
andai | 9 years ago
unknown | 9 years ago
[deleted]