pageok
pageok
pageok
District Court Overturns Magistrate Judge in Fifth Amendment Encryption Case:
Back in late 2007, I blogged a lot about a magistrate judge ruling in In re Boucher, a case involving a how the Fifth Amendment right against self-incrimination applies to access to encryption keys. I argued back then that the magistrate's decision was wrong on narrow grounds: Although the Fifth Amendment normally blocked the subpoena of encryption keys, in this particular case the facts divulged by compliance with the subpoena were already known to the government and therefore not privileged under the "foregone conclusion" doctrine.

  Although the 2007 ruling garnered a great deal of press attention (including articles in the Washington Post and the New York Times), it was only the ruling of a magistrate judge rather than an Article III District Judge. The government sought review of the case with an Article III District Judge (more or less an "appeal" from the ruling of the magistrate judge), and we have been waiting for a ruling from the District Court for about a year.

  A few days ago, District Judge William K. Sessions III finally handed down a ruling. I have posted the opinion here: In Re Grand Jury Subpoena to Sebastien Boucher. Judge Sessions's take was basically the same as mine in my 2007 post: He ruled that under the specific facts of this case, Boucher must decrypt the hard drive and produce to the government an unencrypted version of the drive. (Notably, the subpoena orders Boucher to produce to the government an unencrypted version of his hard drive, not to actually give the government his key.) There was no Fifth Amendment privilege because the government already knew the testimonial things that compliance with the subpoena would help show, making that a "foregone conclusion." From the opinion:
  Where the existence and location of the documents are known to the government, "no constitutional rights are touched," because these matters are a "foregone conclusion." Fisher, 425 U.S. at 411. The Magistrate Judge determined that the foregone conclusion rationale did not apply, because the government has not viewed most of the files on the Z drive, and therefore does not know whether most of the files on the Z drive contain incriminating material. Second Circuit precedent, however, does not require that the government be aware of the incriminatory contents of the files; it requires the government to demonstrate "with reasonable particularity that it knows of the existence and location of subpoenaed documents."
  Boucher accessed the Z drive of his laptop at the ICE agent's request. The ICE agent viewed the contents of some of the Z drive's files, and ascertained that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the Z drive and its files. Again providing access to the unencrypted Z drive "adds little or nothing to the sum total of the Government's information" about the existence and location of files that may contain incriminating information. Fisher, 425 U.S. at 411.
  Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the Government with access to the Z drive. The Government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication.
  Because Boucher has no act of production privilege to refuse to provide the grand jury with an unencrypted version of the Z drive of his computer, his motion to quash the subpoena . . . is denied.
That seems correct to me, as explained in my original post and expanded on at length in this post. I suppose the next question will be whether Boucher will comply with the subpoena, or whether he will "forget" the key or just refuse to comply and face contempt charges instead. Stay tuned.
Just a thought:
I wonder if Judge Sessions's law clerks read the Volokh Conspiracy. :)
2.24.2009 4:23pm
ruuffles (mail) (www):
Is there any advantage to doing what amounts to giving the gov't evidence that you possessed child pornography? Can he be held indefinitely for contempt?
2.24.2009 4:26pm
Dan Bentley (mail):
You introduce, in your 2007 post, a comparison to opening a safe. You say, if I understand correctly, that if he has already opened the safe before, then his fifth amendment right does not apply. Is that correct?

If so, could the defendant then refuse to say how the computer had been unlocked in the past? This would be equivalent to saying it was his safe, and saying he had been in it open in the past, but perhaps the combination had been entered by an assistant.

If the government has no direct knowledge of him having opened the safe, would the same narrow grounds of foregone conclusion still apply?

(IANAL, so I apologize if I phrased any of this inexactly or just plain wrongly.)
2.24.2009 4:27pm
CDU (mail) (www):
Boucher will comply with the subpoena, or whether he will "forget" the key or just refuse to comply and face contempt charges instead.


Given the amount of time that's passed, forgetting the password would actually be pretty reasonable, particularly if he chose a strong password (IIRC the government failed to break his password with a dictionary attack, so it's probably a fairly strong password).
2.24.2009 4:29pm
Monty:
It strikes me as un-just that the only way they won this aurgument is because he previously decrypted the drive voluntarily. If he had refused initially, the line of reasoning would be inapplicable, and he would not be forced to decrypt...

Also, I to am interested in the power of the court to hold him in contempt in an attempt to force disclosure. Will the court just allow a negative inference instruction?
2.24.2009 4:35pm
ruuffles (mail) (www):
Another question: the court only ordered him to produce an unencrypted version of the hard disk. They couldn't know whether it was actually that. What prevents him from just giving them a random hard disk and saying "oops, got corrupted." Even if they force him to produce something similar, how would they know the pornography on the new hard disk is actually the same (child) pornography the agent saw?
2.24.2009 4:39pm
Anderson (mail):
Waiting a YEAR for resolution of an appeal from a magistrate's order?

Damn.
2.24.2009 4:42pm
Anderson (mail):
Given the amount of time that's passed, forgetting the password would actually be pretty reasonable, particularly if he chose a strong password (IIRC the government failed to break his password with a dictionary attack, so it's probably a fairly strong password).

Concur. Until I started rotating passwords, you could've put me in jail for a long time and I couldn't have told you my password from a year ago.

Tho given the nature of the stored files, perhaps the feds were using an insufficiently vulgar dictionary.
2.24.2009 4:53pm
Splunge:
Oh, phoo, who would be so silly as to refuse to decrypt the drive? Much wiser to simply, ha ha, "decrypt" it and find that it contains nothing very much after all, fiddling stuff, whatever the government already knew was there plus some perfectly innocent other stuff.

What? You say you don't believe the "decryption" was just a decryption? Prove it, copper.
2.24.2009 5:11pm
ruuffles (mail) (www):
@Splunge

That reminds me, there are some popular encryption products (can't recall the names but they are widely available) that allow for phantom partitions with different passwords. You enter one password, you get your real data. You enter another password and you get some dummy data. In this case, real data could be the child porn and dummy data could be legal porn. Considering the encryption makes it impossible to discern whether there are even more than one partition, how could the gov't argue the dummy data wasn't the real data?
2.24.2009 5:20pm
OrinKerr:
Splunge,

My understanding is that it would be quite easy to show that the hard drive was tampered after it was decrypted. Plus, assuming that Boucher does not have some sort of delete program on his computer that would truly delete files (rather than just mark the space as free), the files would still be there. In addition, I assume the government would only give Boucher a digital copy of the encyrpted drive, not the original. Given that, I would think it extremely unwise to try what you're suggesting.
2.24.2009 5:22pm
zippypinhead:
What prevents him from just giving them a random hard disk and saying "oops, got corrupted." Even if they force him to produce something similar, how would they know the pornography on the new hard disk is actually the same (child) pornography the agent saw?
You mean other than he'd be buying himself prosecution for obstruction of justice and criminal contempt of a court order?

On the facts of this case it's not possible - the government seized the defendant's laptop during the border search. The issue here is whether there's a Fifth Amendment privilege to not produce the PGP encryption password for the "Z" drive partition on the laptop's HDD. The laptop is already presumably sitting in the evidence locker at a Federal criminal computer forensics lab somewhere.

Although you ask a good question if one assumes hypothetically that this was a subpoena for a physical computer HDD. If someone tried to pull a switch like you propose where just some partitions or file directories are encrypted (while the programs and OS portions aren't), there would be plenty of forensic crumbs on the unencrypted portions of the HDD to be able to ascertain with a fair degree of certainty whether the produced drive really was the HDD from the target computer. If he were to produce a partially or totally wiped drive and try the "oops, bad disk" line, it would be possible to determine whether and when it was systematically wiped. I have heard of a number of computer crime cases where the presence of HDD wiping software like the wonderfully-named "Evidence Eliminator" itself was relevant evidence of criminal mens rea.

So what's the incentive for the defendant to cough up the key to the images? It allows him to set up the endgame so he can get credit under the Sentencing Guidelines for cooperation and acceptance of responsibility. If he obstructs, he not only gets no credit, in fact he will face an obstruction enhancement. Or to put it crassly, if he plays games, he buys himself more quality time with a cellmante named Spike...
2.24.2009 5:25pm
ruuffles (mail) (www):
Here is the product I was referring to


It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.


more details here

http://www.truecrypt.org/docs/?s=hidden-volume

If the gov't doesn't need the hard drive for a conviction, why would they continue to try to get it?
2.24.2009 5:29pm
zippypinhead:
ruuffles -

I doubt the truecrypt fake volume gambit would work terribly well when you're dealing with Federal computer forensics agents who have either the original HDD or a full image of the disk made with a forensic copying suite like EnCase. First problem is that they'd see the program is on the computer, which would immediately set off alarm bells. And because they're working from a forensic image, they'll be able to see the size and number of any encrypted partitions. They will fairly readily figure out what the tendered password does, and does not, unlock.

Where that program might work is when you're dealing with somebody who can't do a forensic sweep of the physical HDD. Like your boss or your wife, perhaps. But not the computer squad guys.
2.24.2009 5:40pm
OrinKerr:
If the gov't doesn't need the hard drive for a conviction, why would they continue to try to get it?

It's a bit more complicated than that, but for one thing, the Sentencing Guidelines for the offense set the presumptive sentence on the number of images and types of images. That can only be known by analyzing the computer.
2.24.2009 5:41pm
OrinKerr:
Oh, and what zippypinhead said.
2.24.2009 5:42pm
David Schwartz (mail):
I believe the decision is incorrect for a technical reason. The decryption key is precisely akin to the location of the information.

The government's situation is akin to a case where a person confesses to causing someone's death and hiding the body but denies the killing was intentional. The government wants to extract where the body is hidden. The government knows roughly where the body is but can't quite get at it.

This is analogous. The search for the decryption key by a dictionary attack and brute force is akin to the search for a body with dogs and search parties.
2.24.2009 5:46pm
ruuffles (mail) (www):
@zippypinhead

Not questioning the resources of the FBI or Customs, but the developers at TrueCrypt apparently thought about at least one of your points:


Q: Is it possible to use TrueCrypt without leaving any 'traces' on unencrypted Windows?

A: Yes. This can be achieved by running TrueCrypt in traveler mode under BartPE. BartPE stands for "Bart's Preinstalled Environment", which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are stored in RAM – hard drive is not used at all and does not even have to be present).

If something is encrypted, all forensic analysis will have revealed are random (digital) bits. You can't do anything more once you have those bits as the mathematical principles behind encryption stand in the way.

This specific case apparently lacks these juicy complexities so anything interesting in way of technical details will probably have to wait.
2.24.2009 5:51pm
Monty:

So what's the incentive for the defendant to cough up the key to the images? It allows him to set up the endgame so he can get credit under the Sentencing Guidelines for cooperation and acceptance of responsibility. If he obstructs, he not only gets no credit, in fact he will face an obstruction enhancement. Or to put it crassly, if he plays games, he buys himself more quality time with a cellmante named Spike...



If the gov't doesn't need the hard drive for a conviction, why would they continue to try to get it?



Thats the point, so he should cooperate so that he gets a felony conviction, life time sex-offender registration and prison, but slightly less prison than he would otherwise get?

Or he could refuse to decrypt, and have a real chance of avoiding conviction... Can a judge lock him away for years for refusing to help the gov't convict him? I'm not very familar with the extent the contempt system can be used to compell evidence...
2.24.2009 5:54pm
Oren:

I suppose the next question will be whether Boucher will comply with the subpoena, or whether he will "forget" the key or just refuse to comply and face contempt charges instead. Stay tuned.

Moreover, the process of this trial is quite stressful and, as we know, stress can induce loss of memory.

ruuffles, the problem is that the government already knows that partition Z is encrypted. Given that, they can conclusively test whether a given key is the correct one very quickly.

Incidentally, this is why I advocate keeping illegal materials on microsd cards. If you can eat it, you can beat it.
2.24.2009 6:29pm
ruuffles (mail) (www):

ruuffles, the problem is that the government already knows that partition Z is encrypted. Given that, they can conclusively test whether a given key is the correct one very quickly.


Notably, the subpoena orders Boucher to produce to the government an unencrypted version of his hard drive, not to actually give the government his key.

no key, no verification. On that note, when this occurs "in the real world," with paper documents, for example, how does the gov't authenticate those produced are the ones they want and not others?
2.24.2009 6:32pm
Oren:

no key, no verification. On that note, when this occurs "in the real world," with paper documents, for example, how does the gov't authenticate those produced are the ones they want and not others?

Do you really think that the government can't modify its subpoena to include the encryption key used as well as the unencrypted contents?

IRL, it's probably a big mistake to forge documents that the government wants. The coverup is usually worse than the crime.
2.24.2009 6:47pm
A K:
zippypinhead: I believe you're wrong.

Let's say password A unlocks 50% of a file, creating a volume. Based on what I've read, you still can't prove that a specific 20% of the same file is another volume.

If the FBI could prove that remaining 20% is a volume, they could just unlock the entire file in the first place.

Now if I had two different files, then yes, it's obvious that I have multiple things to unlock, but that's not the thing as a hidden volume. You might also want to check out http://en.wikipedia.org/wiki/Rubberhose_(file_system)

Monty: This WSJ article suggests that the federal court system limits civil contempt imprisonment to 18 months.

As this would a coercive contempt charge - "Produce the key" - as opposed to a criminal "You were rude to a judge" contempt charge, no trial would be required.
2.24.2009 6:57pm
Oren:

Let's say password A unlocks 50% of a file, creating a volume. Based on what I've read, you still can't prove that a specific 20% of the same file is another volume.

That's correct, but if the agent already knows that the "inside" 20% exists and contains file A, then he has more information than you have postulated.
2.24.2009 7:22pm
Dilan Esper (mail) (www):
This decision strikes me as correct under current caselaw, but one of the great mistakes that the law ever made was getting away from Justice Bradley's Boyd doctrine. A proper and reasonable interpretation of the self-incrimination clause would be that the government can never force you to do anything to assist in its gathering of evidence against you. If the government can't figure out to get in the hard drive, that's the government's problem; I don't see how forcing the suspect to do it for the government is anything other than classic self-incrimination.

I acknowledge, however, that this is nowhere near being the law, and under the law as it currently stands, Professor Kerr's and Judge Sessions' position appears absolutely correct.
2.24.2009 7:33pm
David Schwartz (mail):
Well, we slid down a slippery slope with things like handwriting exemplars and DNA.
2.24.2009 7:46pm
anonymike:
Anyone interested in learning more about drive encryption and internet security should google "dr who Security and Encryption FAQ Revision 16.1". The links are to a comprehensive faq on how encryption works and how to secure data on your computer. A very interesting read if you are interested in the subject.
2.24.2009 8:13pm
Soronel Haetir (mail):
I have to agree with Dilan Esper here. With a warrent the government should be able to seize any tangible items they can locate that fall under the terms of the warrent, however producing anything from that material should be the government's job.

I would however say that blood, hair, etc are different from a handwriting or voice exemplar in that they can be gathered from an unwilling subject. Anything that requires the active participation of a non-cooperator should be out of bounds.
2.24.2009 8:22pm
Public_Defender (mail):
What are the penalties for contempt/obstruction? I'd guess that they'd be less than the penalties for child pornography, but I could easily be wrong on that. On the other hand, I doubt that it would be ethical for defense counsel to advise his client to take a contempt hit.
2.24.2009 9:00pm
keith_talent:
The government is only asking for an unencrypted hard drive, not the password. That's interesting, because the government may not be able to independently prove that the unencrypted hard drive corresponds to the encrypted hard drive.

I think Hubble bars the government from relying on the fact that the defendant turned over the unencrypted hard drive in response to the subpoena, to demonstrate that the unencrypted drive is the same as the encrypted drive.

As the Court explained in Hubble: "It was only through respondent's truthful reply to the subpoena that the Government received the incriminating documents of which it made 'substantial use . . . in the investigation that led to the indictment.'" 42-43. A footnote emphasizes that the reliance on the truthfulness of the subpoena response implicates the testimonial aspects of that response.
2.24.2009 9:38pm
pintler:

I doubt the truecrypt fake volume gambit would work terribly well when you're dealing with Federal computer forensics


Disclaimer: I am a computer nerd, but don't specialize in encryption. I have read the TrueCrypt documentation, and they have a good reputation, and it seems plausible to me that you can do the two passwords, two volumes thing in a way that allows you to plausibly deny the second volume.

Secondly, I think we will need some jurisprudence about lost passwords. Encryption is a coming thing, with HIPAA, FERPA, and all that. I'd hate to be Mr. Lowly Clerk who has some dusty CD-ROMs in a drawer when the FBI carries off the company records while investigating my boss, and be unable to remember the old passwords.
2.24.2009 9:39pm
Anderson (mail):
Oh, and what zippypinhead said.

One of the charms of language is how one finds oneself uttering sentences that one had never expected to formulate.

As for the "fake password," the only really sound solution would be one where the fake password ruined the data ... but it seems from the above comments that it's not feasible to do so w/out the police knowing.

I would be a lot more into rooting against the Thought Police and all that if it weren't child porn. Thanks for ruining my kneejerk anti-authoritarianism, you callous perverts.
2.24.2009 10:29pm
xyzzy:
Professor Kerr,

You and Judge Sessions may have the correct take on applicable precedent. But you and Judge Sessions have lost sight of the Constitution. In the present case, the government seeks no more than wrest a fact from a man's own mind.

I see no reason why any person should treat this decision with anything more than utter contempt.

The law has lost its reason.
2.24.2009 10:34pm
Dilan Esper (mail) (www):
xyzzy:

Now calm down here. I probably agree with you more than disagree about how the Constitution should be interpreted with respect to this issue. But Professor Kerr is blogging as to what the law is, not what is necessary the ideal legal rule or even the most plausible interpretation of the broad language of the Fifth Amendment. He hasn't "lost sight of the Constitution"-- he was saying where the law currently stands, which is a service to his readers.

And why hold Judge Sessions in "utter contempt"? He is required to follow applicable precedent and reach a decision consistent with it. And as you concede, applicable precedent supports the result he reached. There are plenty of judges, all over the country, who issue rulings every day that they do not agree with on the merits, because they are compelled to do so by applicable precedent. Are all of those judges to be held in "utter contempt"?

I would like to see a Fifth Amendment interpretation that is much more protective of the non-testimonial manners in which people can be compelled to incriminate themselves. But that isn't what we have now. And Judge Sessions is obligated to follow what the law is now, and Professor Kerr is perfectly justified in writing about it.
2.24.2009 11:13pm
Splunge:
My understanding is that it would be quite easy to show that the hard drive was tampered after it was decrypted.

Oh, of course. Gosh, what could I have been thinking?

I certainly couldn't figure out any way to swindle the government lawyers on this deal without leaving a molecule of footprint. No sirree bob. You could certainly trust that any copy I give you of my decrypted drive is just that.
2.24.2009 11:15pm
OrinKerr:
xyzzy writes:
Professor Kerr,

You and Judge Sessions may have the correct take on applicable precedent. But you and Judge Sessions have lost sight of the Constitution. In the present case, the government seeks no more than wrest a fact from a man's own mind.

I see no reason why any person should treat this decision with anything more than utter contempt.
I guess I'm not sure where you're getting your notion of what "the Constitution" means, unless your version of the Constitution simply lacks the foregone conclusion doctrine. However, I think it's interesting that the decision here is actually quite similar to what I believe is the first Fifth Amendment decision, a decision by Chief Justice Marshall, United States v. Burr, from 1807. You may think that Chief Justice Marshall didn't know anything about the Constitution, or that he lost sight of it, or that he deserves your utter contempt. But I think Burr suggests that the issues here are not so simple as you suggest.
2.25.2009 12:08am
D K Warren (mail):
You get nabbed at a DUI checkpoint after having several rounds of beer at your local bar. Do you take the breathalyzer and give them scientific proof of your unlawful blood alcohol level, or do you refuse and force them to prove it based on the other circumstantial evidence while running the risk of getting your license suspended for the refusal?

Similar dilemma.

Assuming Boucher were charged with simple possession of child pornography under 18 U.S.C. § 2252A and there were no aggravating circumstances (such as prior convictions or efforts to arrange a sexual encounter with an actual child), that charge would carry a statutory penalty range of zero to 10 years’ imprisonment, 18 U.S.C. § 2252A(b)(2), while the distribution or receipt of the same pornographic material subjects a defendant to a statutory mandatory minimum sentence of 5 years and a maximum of 20 years. 18 U.S.C. § 2252A(b)(1).

Luckily for the defendant, there is only a single, seldom-applicable cross reference under the federal sentencing guidelines (thus reducing the chance that he’d be held accountable for conduct beyond those which were the basis for his conviction).

However, depending on the quantity and nature of the actual images, Section 2G2.2 of the federal sentencing guidelines contains some brutal enhancements for certain image quantity thresholds and image characteristics, such as those depicting prepubescent children or forms of sexual violence.

If he refuses to comply with an order to reveal the password he’s subject to civil and criminal contempt charges along with obstruction of justice. The maximum sentence for civil contempt is 18 months. 28 U.S.C. § 1826. The maximum penalty for criminal contempt is whatever the judge wants it to be, within reason. See this section of the U.S. Attorneys’ Manual; see also, §2J1.1 of the Federal Sentencing Guidelines Manual. One of the longest sentences imposed, and upheld on appeal, for criminal contempt was 5 years (which is also the maximum for obstruction). U.S. v. Papadakis, 802 F.2d 618 (1986).

Of course, the Supreme Court has determined (and reaffirmed several times since) that the federal sentencing guidelines are only advisory.

It appears they have enough already to convict Boucher on possession of child pornography and that some of the material shows child rape. If he allows them access to the rest of it, he many give them enough additional evidence to ratchet-up his sentence close to the 10 or 15-year maximum. It’s not likely that any favor he might curry by cooperating will be enough to offset that additional increase - especially since he's already refused and a judge might view any cooperation as involuntary or insincere. And depending on what’s in the hidden files, it’s possible he may reveal evidence of new crimes such as solicitation or molestation where he himself is the perpetrator.

Nonetheless, an attorney shouldn’t simply advise a client to commit a crime, in this case obstruction or contempt by refusing to reveal the password. Instead, that’s a decision which should be left to the client after the attorney discusses the potential consequences, what alternatives might exist, what defense theories he has in mind, among other considerations.

Going back to the DUI breathalyzer analogy, this opinion by the Alaska Bar Association describes the conditions upon which it’s permissible for an attorney to advise a client to refuse to submit to an otherwise lawful breath test.

And it’s worth noting that in Maness v. Meyers, 419 U.S. 449 (1975), the U.S. Supreme Court reversed the contempt conviction of an attorney who, during a trial, counseled his clients not to respond to a subpoena to produce documents. The Court held that the client may risk contempt for failure to comply, but the attorney may not be convicted of contempt for rendering his advice in good faith. The Court stated that the advice of an attorney to a client in the exercise of the client's Fifth Amendment privilege is an integral part of the protection accorded to the client by the Fifth Amendment, even when that advice may be substantively incorrect. Id. at 467-68, citing to In re Watts, 190 U.S. 1 (1903).

Lastly, the district court’s ruling now brings the United States into line with the United Kingdom on this issue. See this article discussing the criminal appellate court’s ruling from October of last year.
2.25.2009 1:20am
JaredS:
I am a computer nerd, but I will be less modest. I am right, and everything directly contrary to what I say is wrong.

Regarding the point that Boucher has only been ordered to produce the unencrypted drive (presumably after being supplied a copy of the seized drive):

In general, given an encrypted drive image and a purported unencrypted drive image of the same size as the encrypted portion, and that alone, any ability to prove or disprove that they correspond represents a vulnerability in the cipher or mode of operation of the disk encryption. It would be shocking if PGPDisk has such a vulnerability.

It is correct that in this case, where the encrypted drive was used with an unencrypted system drive, there would likely be evidence if an unrelated "decrypted" drive image were provided. However, the suspect need not provide an unrelated drive image. He could decrypt the drive, tamper with it, and provide the tampered drive image. There is no law of the universe requiring that such tampering be stupid. The suspect need not boot from the drive, let alone install a program named "Evidence Eliminator". I agree that sophistication would be require to avoid evidence of tampering, but replacing the contents of each illegal file with legal contents of the same general type without leaving any illegal contents or evidence of tampering is substantially easier than creating a plausible drive from scratch to correspond to the unencrypted system drive, which might be nearly impossible.

I don't deny the risk to the suspect of later being compelled to produce the key. The production of the correct key would expose the tampering, and just for the record the suspect would certainly not be able to produce a key that decrypts the original encrypted drive to his slightly tampered copy.

Regarding the use of hidden drives (a general discussion unrelated to the facts of this case):

The general idea is that you have a large "outer" encrypted drive where the decrypted free space is initialized to random data. Some portion of this space might optionally be the hidden drive, which is encrypted with a separate key and indistinguishable from random data without it. The same program that handles the outer drive's encryption handles the hidden drive's if it is present and that key is given. Thus, the program no more implies the existence of a hidden drive than the outer encrypted drive does in the first place.

With respect to TrueCrypt, it is probably one of the most popular free disk encryption programs for Windows if not the most popular. It presumably has many users who do not use the hidden drive feature (for example, many users just want full disk encryption to protect against a lost or stolen laptop), and thus it need not imply the presence of a hidden drive the way that "Evidence Eliminator" implies wiping was performed.

However, quite careful precautions are needed to avoid creating strong indirect evidence of the hidden drive in the other portions of the outer drive. I make no representation that the TrueCrypt software takes adequate precautions or that following the instructions on its website constitutes adequate precautions, nor do I claim the opposite.
2.25.2009 1:50am
Public_Defender (mail):
All the technical information about TrueCrypt may be interesting, but it is beside the point. This idiot showed part of his real hard drive to the officer. Unless he created a partial-porn hidden drive (unlikely, to say the least), he can't use the feature.

This case shows that we users are probably the weakest link in the security chain. If you want your encryption to work, don't unencrypt it for the people you want to hide it from.

As to my previous post, I think it would be ethical to advise the client to take a contempt hit to test the judge's ruling on appeal, but unethical to advise the client to refuse a court order simply because the price of compliance is higher than the price of defiance. But you could say, "Here are your options: Option A, 18 months in prison on contempt; Option B: Many years in prison on a sex offense plus a lifetime of registration. As your lawyer, I must advise you to take Option A."

But I somehow doubt that the system would impose only 18 months for defiance of this court order. In cases like this, the system has a way of getting what it wants.
2.25.2009 5:37am
Oren:


But I somehow doubt that the system would impose only 18 months for defiance of this court order. In cases like this, the system has a way of getting what it wants.


Whatever the contempt sentence is, it doesn't come with a lifetime of wearing a scarlet letter.
2.25.2009 9:25am
xyzzy:
Professor Kerr, Dilan Esper.

I'm sorry. I don't think there's really anything left to discuss here. The issue is clearcut.

The Fifth Amendment was adopted after a long history, which includes, among many other things, the oath ex officio and the trial of John Lilburne in camera stelat'.

You appear to have lost sight of that history. I say that because you appear to have lost any proper regard for the abuses of that earlier age. And thus, I say, you have lost sight of the Constitution.

Men with rude force may seek to press Mr Boucher to condemn himself. And men with clever sophistry may justify that pressing. But it is wrong.

I repeat myself: I have nothing but contempt for this decision.
2.25.2009 10:20am
Oren:

I repeat myself: I have nothing but contempt for this decision.

No, you have nothing but contempt for the precedent that this district court must follow. At least direct your irrational scorn at the proper target.
2.25.2009 10:33am
Turk Turon (mail):
Possession of illegal information... interesting concept.

In an earlier discussion of this case it was suggested that the Fifth Amendment allows a suspect to literally "go limp" and challenge the prosecution to convict him. What about it?

I agree with the earlier poster who advised taking the contempt sentence; anything is better than the Scarlet Letter.

Question: if the suspect were a detainee at Gitmo, could the gov't hold him indefinitely without trial for refusing to provide the encryption key to his laptop?
2.25.2009 10:42am
Oren:

In an earlier discussion of this case it was suggested that the Fifth Amendment allows a suspect to literally "go limp" and challenge the prosecution to convict him. What about it?

IRL, going limp can be criminalized as resisting arrest or obstructing a police officer.


'This attack was recently rejected in Landry v. Daley (N.D.Ill.1968), 280 F.Supp. 938, 959. In that case the court emphasized that the statute requires knowing resistance or obstruction, '(which) considerably narrows the scope of the enactment by exempting innocent or inadvertent conduct from its proscription' (280 F.Supp. at 959). The court further noted that the statutory terms convey commonly recognized meanings. 'Resisting' or 'resistance' means 'withstanding the force or effect of' or the 'exertion of oneself to counteract or defeat'. 'Obstruct' means 'to be or come in the way of'. These terms are alike in that they imply some physical act or exertion. Given a reasonable and natural construction, these terms do not proscribe mere argument with a policeman about the validity of an arrest or other police action, but proscribe only some physical act which imposes an obstacle which may impede, hinder, interrupt, prevent or delay the performance of the officer's duties, such as going limp, forcefully resisting arrest or physically aiding a third party to avoid arrest.' (280 F.Supp. at 959). We agree with these observations, and we hold that section 31-1 is neither vague nor overbroad.' (link, my emphasis)
2.25.2009 10:56am
David Schwartz (mail):
In an earlier discussion of this case it was suggested that the Fifth Amendment allows a suspect to literally "go limp" and challenge the prosecution to convict him. What about it?
Nothing in this case suggests that Boucher could not have "gone limp" had he chosen to do so. The reason Mr. Boucher is in trouble in this case is because he did not choose to go limp and instead did assist.
2.25.2009 12:25pm
David Schwartz (mail):
Second Circuit precedent, however, does not require that the government be aware of the incriminatory contents of the files; it requires the government to demonstrate “with reasonable particularity that it knows of the existence and location of subpoenaed documents.”
IMO, to argue that you know the "location" of an encrypted document when you have no idea how to decrypt it is ridiculous. The encryption key is part of the location in the sense that you cannot "find" the document without it.
2.25.2009 12:27pm
David M. Nieporent (www):
IMO, to argue that you know the "location" of an encrypted document when you have no idea how to decrypt it is ridiculous. The encryption key is part of the location in the sense that you cannot "find" the document without it.
No, you can't read it without it. You can find it -- no scare quotes needed around find at all. It's on the hard drive.
2.25.2009 1:45pm
David Schwartz (mail):
It's on the hard drive somewhere.
2.25.2009 2:17pm
whit:

It's on the hard drive somewhere


a distinction w/o a difference.

if i apply for a search warrant given that i have PC to believe porn is on a HD, i do not have to specify the location of each nibble.

a hard drive is enough of a "place" to work.
2.25.2009 5:44pm
David Schwartz (mail):
I think you're missing my point. My point is that a decryption key is legally analogous to a location, not that it actually is a location. That is, the logic that says the government cannot compel the location of the information from Boucher should also say that they cannot compel the decryption key from Boucher. Their situation is precisely the same as if they didn't know where the hard drive was and Boucher did. There is no substantive difference.
2.25.2009 10:53pm
whit:
david, that's a different point. i agree . i did miss it.

it sounds wrong to me because a decryption key is legally analogous to... a key or combination imo.

but i'll need to think about it more.
2.26.2009 3:24am
xyzzy:
Whit,

It doesn't matter what a decryptation key is analogous to. This password is actually held in Mr Bourcher's mind. That is, the password is manifested as a thought.

Thoughts may be analogous to a lot of things. But your thought of an automobile is not an actual autobile. Thoughts of physical things are not the physical things themselves.

That simple observation holds for whole classes of mental constructs and physical objects. As Korzybski famously pointed out, “The map is not the territory.”

The password exists in Mr Boucher's mind.

 . . . .

Mr Boucher is accused of posessing contraband images. Those “images”, such as they are, actually exist as magnetic transitions. And the government cannot demonstrate a transformation from that magnetic coding to anything that a sane person would recognize as a contraband image. Yet, the government still insists that these particular magnetic domains are indeed contraband.

The government concedes that to prove the truth of their averment, they need the aid of the password held in Mr Boucher's mind.

The text and history of the Fifth Amendment forbid the government's seizure of Mr Boucher's thoughts in order to convict him of a crime.

The government does not even attempt to request a search warrant for Mr Boucher's mind. No do they even attempt to compell him to yield up his thought.

Instead, the judge cruelly finesses the constitutional bar by pretending it does not exist. He orders without actually saying so in so many words. The judge engages in a legalistic sham.

The defenders of Judge Session's sham reasoning claim that it compelled by precedent. That may be. I make no claim about Judge Session's personal mental state.

But the law has reached an insane state. An unreasonble state.
2.26.2009 10:05am
Oren:

Instead, the judge cruelly finesses the constitutional bar by pretending it does not exist. He orders without actually saying so in so many words. The judge engages in a legalistic sham.

The judge follows the precedent that, as a lower court judge, he cannot simply ignore just because he doesn't like it. We all disagree about what the words in the Constitution dictate about actual legal procedure, turning this into a tawdry morality show is childish and evinces a lack of desire to address the issues.

As I said before, if you are going to be irrationally scornful, at least direct that scorn at the appropriate target.
2.26.2009 11:01am
Oren:
Incidentally, if you formulate your position with less hyperbole, I'd probably agree with you on the broader proposition that the government cannot compel the disclosure of a password.

This case is complicated (and hence interesting) because the defendant already, in fact, demonstrated to a Federal agent that those magnetic transitions on his hard drive are, in fact, child pornography. So what you said:

And the government cannot demonstrate a transformation from that magnetic coding to anything that a sane person would recognize as a contraband image. Yet, the government still insists that these particular magnetic domains are indeed contraband.

is not actually true. We have eyewitness testimony from a reliable source that saw, with his own eyes, that those magnetic bits actually do encode contraband. How can you reconcile your position in this case with those facts?
2.26.2009 11:08am
xyzzy:
We have eyewitness testimony from a reliable source that saw, with his own eyes, that those magnetic bits actually do encode contraband.


So indict him on the basis that a single witness saw something that is not replicable. Or don't indict him.

The point is simply that the government concedes it cannot demonstrate the transformation to anyone else.

Oren, I'm not really trying to pursuade you, or especially Professor Kerr. I just don't think we have enough common ground.
2.26.2009 11:43am
David Schwartz (mail):
The argument that the production of the password is non-testimonial is nonsense. The production of the password by Boucher testifies that one possible decryption of the hard drive is the one Boucher possessed. This is the very thing the government needs to establish to convict Boucher.

Fisher, the case this court is relying on, is readily distinguishable because Fisher was not being compelled to do anything personally. However, the reasoning in Fisher by which such compulsion would have been allowed is that nothing testimonial would have been compelled.

As for the "foregone conclusion" doctrine, it is also moored in the notion that what is compelled is not testimonial.

The existence and location of the papers are a foregone conclusion, and the taxpayer adds little or nothing to the sum total of the Government's information by conceding that he, in fact, has the papers. Under these circumstances, by enforcement of the summons, "no constitutional rights are touched. The question is not of testimony, but of surrender."


Boucher is not being asked to surrender anything but to testify that one particular decryption of the hard drive is the one he intended/possessed.
2.26.2009 2:17pm
whit:
first of all, just because something involves speech does not (necessarily) make it testimonial.

if i ask a DUI suspect to recite the letters of the alphabet, that is not testimonial evidence.

also, as OREN notes, somebody has already seen the images.

an analogy to me would be if the images were stored in a combination lock safe that the govt. could not enter without the combination (it has really good lock on it).

is the combination a "thing" like a key to a key safe would be, or not?

that seems a better analogy to me.
2.26.2009 3:05pm
whit:
first of all, just because something involves speech does not (necessarily) make it testimonial.

if i ask a DUI suspect to recite the letters of the alphabet, that is not testimonial evidence.

also, as OREN notes, somebody has already seen the images.

an analogy to me would be if the images were stored in a combination lock safe that the govt. could not enter without the combination (it has really good lock on it).

is the combination a "thing" like a key to a key safe would be, or not?

that seems a better analogy to me.
2.26.2009 3:05pm
David Schwartz (mail):
an analogy to me would be if the images were stored in a combination lock safe that the govt. could not enter without the combination (it has really good lock on it).
Only because the combination does not change the contents of the safe.

Right now, there are myriad possible decryption keys, each of which yields a different contents of the hard drive. By revealing the password, Boucher testifies that one particular decryption of that hard drive is the one he possessed.

It is *not* analogous to a combination lock. Entering different combinations doesn't change the contents of the safe.

If you want a safe analogy, how about this one: Boucher tosses his safe on a giant pile of safes. The government has no idea which safe is Boucher's. They want him to try his combination on every safe to see which one he opens, so they can tie the contents of that safe to Boucher.

They could, of course, force open every safe. But then, how do they prove which safe's contents are Boucher's?

Still think the combination is not testimonial? The government wants to prove that the contents of one particular safe belong to Boucher and not the others.
2.26.2009 4:49pm
whit:

Still think the combination is not testimonial?


i never said that. i said just because speech is the medium does not necessarily make something testimonial. i haven't come to a conclusion in this case.

as for the "contents" thang.

there is (strong) probable cause that

1) there is contraband on the hard drive
2) the contraband is concealed via encryption

you are saying the contents are "changed".

well, if i was in possession of a stolen piece of art, and i cut it up into tiny little pieces, it is still a stolen piece of art. the contents haven't changed.
assuming these pieces were small enough, the govt. couldn't reconstruct the painting by gluing the pieces in proper order UNLESS the suspect gave them the information about how the pieces were arranged.

so, i guess your statement is that by mixing the bits around and even changing the underlying ascii code of each bit (not sure if both are done by this encryption prog) that the CONTENTS are changed.

one could argue the FORMAT of the contents are changed, but the contents aren't.
2.26.2009 5:39pm
Crafty Hunter (www):
It is a pity that this case should be about what appears to be a detestable pervert. Hard cases make bad laws and rulings.

Still, regardless of the "legality" of it, I have only extreme contempt for the notion that a man should be forced at gunpoint to help his enemies screw him over in the courts. All the sophistry in the world will not change that simple fact of natural law.

If the coppers were to try to screw me over for say having encrypted information on a hard drive about how to casually and easily defeat digital rights management schemes for music or films with automated software, and the judge contemptuously ignored the fundamental right not to be terrorised into incriminating oneself, I'd tell the judge exactly where to shove himself and his lying sophistry.

It is affairs such as this that will eventually to very serious consequences for the current regime. It happened in 1776, and can happen again.
2.26.2009 5:48pm
David Schwartz (mail):
I think it's black letter law that Boucher cannot be compelled to produce testimonial evidence. Perhaps this is why the court didn't compel him to produce the encryption key but instead to produce the decrypted hard drive.

I'm puzzled how the government will then prove that Boucher possessed the decrypted contents of the hard drive. It would seem there's a serious chain-of-custody problem.

If they use the production against Boucher, then the production is testimonial. If they don't, they have no way to prove they seized the decrypted contents from Boucher.

The Government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication.
How will they link Boucher with the decrypted contents without using his production? That seems totally impossible to me.
2.26.2009 6:50pm
Oren:

Right now, there are myriad possible decryption keys, each of which yields a different contents of the hard drive.

Absolutely false. There is only one password that correctly decrypts the volume. In TrueCrypt, for instance, it is specified at at offset 64 with length 4 there exists the ASCII string "TRUE" and that some bytes are a CRC32 checksum for some other bytes. There is only one key for which those things are both true (barring some truly astronomical coincidence). Thus, for any particular key, we can test whether it is a valid decryption key or not (incidentally, TrueCrypt works in the following way -- when the volume is opened TC tries all possible algorithms until the checksum comes up correct. Otherwise, it would have to store the algorithm used in plaintext, which would reveal to an adversary that the volume is, in fact a truecrypt volume and not some random space -- i.e. it would leak information. The only way that TrueCrypt knows to report that a password is incorrect is by trying all possible algorithms and failing to get the ASCII string and checksum correct).

In practice, there is a one-to-one relationship between the ciphertext and plaintext, or else encryption makes no sense at all.
2.26.2009 8:12pm
David Schwartz (mail):
It is entirely possible that the contents are not a valid TrueCrypt volume. Even assuming that only one key gives a valid TrueCrypt volume, other keys give an invalid TrueCrypt volume.

TrueCrypt, by the way, does not guarantee that an invalid password will be detected as invalid. The ASCII string "TRUE" and a CRC32 checksum will still make one out of 18 billion billion incorrect passwords appear correct. If the key has more than 80 bits of randomness, there will be tens of thousands of keys that would test as valid.

A valid TrueCrypt volume, without knowing the password, is indistinguishable from an empty TrueCrypt volume.
2.26.2009 8:28pm
A. Nony Mouse (mail):
Extracting facts from people's minds under legal compulsion is creeping totalitarianism.

Look at anything the Department of "Justice" does, look at Ruby Ridge - look at Waco - look at the prosecutions of legal medical marijuana clubs in Cali - look at what DOJ did to Lynne Stewart - look at DOJ's repression of non-violent protesters - look at DOJ's campaign of legal terrorism against environmentalists guilty of nothing more than some juvenile property destruction - look at ADX Florence (a prison deliberately designed for purposes of torture) - look at the draconian asset forefeiture laws - look at the US Attorneys scandal - look the career of John "Organ Failure" Yoo - look at the imprisonment of journalists refusing to reveal their sources - look at the FBI's "Common Core" database of over 10 million Americans targeted for imprisonment (or worse) in the event of a national "emergency". This is just another example of the jackbooted thug culture of Washington law enforcement.

Indeed, look at any aspect of Federal "justice" and you see corruption, abuse of power, repression, oppression, and outright criminality. What is the Department of Justice but a criminal conspiracy to subvert, undermine, betray, and destroy the Constitution impersonating an agency of the US Government?

If any department of the Federal Government ought to be abolished, I would start and end there, and throw back all supposed "Federal crimes" to the states.
2.26.2009 9:57pm
A. Nony Mouse (mail):
About this alleged kiddie porn that the Customs official saw: is this guy even telling the truth? The Feds are known liars and deceivers, including under oath.
2.26.2009 9:59pm
whit:

About this alleged kiddie porn that the Customs official saw: is this guy even telling the truth? The Feds are known liars and deceivers, including under oath.


ah yes. the inevitable in VC. the anti-cop bigotry post.

"the cops are lying. they all lie. they are framing him"

i note this same paranoia is rarely applied towards defense attorneys.
2.26.2009 10:07pm
whit:

look at the prosecutions of legal medical marijuana clubs in Cali


not anymore per holder.

i didn't vote for obama, but this is one advantage of him over mccain. i strongly doubt mccain would have actually respected federalist principles and enacted this policy.
2.26.2009 10:10pm
Phil Karn (mail) (www):
I'm not a lawyer and I won't even pretend to be one. Can someone who is please explain the "foregone conclusion" doctrine, and how it applies? All these subtle distinctions you lawyers make are pretty much invisible to us laymen who haven't spent a lifetime watching judges stretch and contort language far from its ordinary plain meaning. In other words, there's no way I can deduce its meaning from first principles using logic. I need someone who has gone to law school to explain it.

Suppose Boucher hadn't been so stupid as to originally cooperate with the customs agent. Suppose the agent had turned on his laptop, seen a password prompt, and asked Boucher to enter his password. What would have happened had Boucher simply refused and said "take the laptop if you want it, I can always buy another one?"
2.26.2009 10:46pm
ADM:
You joke about whether he might "forget" (your quotes) the password.

But seriously, the guy hasn't had the drive in his possession for, what, a year and a half? If he hasn't had occasion to use the password for over a year and a half, and assuming it's a strong password and he doesn't use it for other things, how likely is it that he would remember? Do you remember all the passwords you used a year and a half ago?
2.27.2009 1:30am
Oren:

It is entirely possible that the contents are not a valid TrueCrypt volume. Even assuming that only one key gives a valid TrueCrypt volume, other keys give an invalid TrueCrypt volume.

True, except that we have reliable eyewitness testimony that it is, in fact, an encrypted volume.

TrueCrypt, by the way, does not guarantee that an invalid password will be detected as invalid. The ASCII string "TRUE" and a CRC32 checksum will still make one out of 18 billion billion incorrect passwords appear correct. If the key has more than 80 bits of randomness, there will be tens of thousands of keys that would test as valid.

That is not a reasonable doubt (and reasonable doubt is a much stricter standard than we are looking at here).

To put it in perspective, the odds of a random 80-bit collision are one divided by the total number of atoms in the universe (which is, in fact, ~2^80).
2.27.2009 2:11am
Oren:

Suppose Boucher hadn't been so stupid as to originally cooperate with the customs agent. Suppose the agent had turned on his laptop, seen a password prompt, and asked Boucher to enter his password. What would have happened had Boucher simply refused and said "take the laptop if you want it, I can always buy another one?"

Without a doubt he'd be free as a bird.
2.27.2009 2:13am
Oren:

i note this same paranoia is rarely applied towards defense attorneys.

Defense attorneys are required by oath to lie, if that would get their client off the hook. The standard is higher when you represent the government (see, e.g. the comments in the Sen. Stevens contempt trial).
2.27.2009 2:15am
Oren:

Can someone who is please explain the "foregone conclusion" doctrine, and how it applies?

Short version: the fifth amendment does not protect you from giving testimonial evidence that will not give the government new information. In other words, the "testimonial" part of giving up the password is admitting that you know the password and control the encrypted volume. The government already knows that, so the testimony is not protected.
2.27.2009 2:17am
Oren:


A valid TrueCrypt volume, without knowing the password, is indistinguishable from an empty TrueCrypt volume.

Correct.

The case here turns on the additional knowledge that the hard drive does, in fact, contain an encrypted volume. I don't know how many times I've said that at this point. You have to confront the fact that the defendant voluntarily decrypted the volume for CBP, who then observed child pornography on it. The cat is out of the bag. The train has left the station.

Another reason not to volunteer anything to the authorities at any time (sorry Whit, it's true -- I'm not after speeding up your process of sorting the guilty from the innocent at the cost of my own ass).
2.27.2009 2:21am
David Schwartz (mail):
To put it in perspective, the odds of a random 80-bit collision are one divided by the total number of atoms in the universe (which is, in fact, ~2^80).
Right, but the odds of a password that passes the validity check being the right password is also very low.

The case here turns on the additional knowledge that the hard drive does, in fact, contain an encrypted volume. I don't know how many times I've said that at this point. You have to confront the fact that the defendant voluntarily decrypted the volume for CBP, who then observed child pornography on it. The cat is out of the bag. The train has left the station.
This is the government's contention. Its problem is precisely that it can't prove this very thing. It's bootstrapping to argue that was can use the fact that we know this thing to gather the evidence we need to prove it.

I presume if you ask Boucher's attorneys, they will point out all kinds of defects in this contention. Specifically, nobody actually saw any child pornography (other than animated 'child' pornography) on the volume. Yet this is the fact the government wishes to prove.
2.27.2009 6:05am
David Schwartz (mail):
Oren: Let me address your statistics argument in a bit more detail. Suppose you find a person and compare their DNA to the DNA left at a crime scene. Suppose there's a match at the 1-in-a-million level. How likely does this mean it is that the person whose DNA you tested is the perpetrator?

The answer is: it all depends on the circumstances. If you only tested this one person, and you tested him because an eyewitness picked him out a lineup, then it's quite likely he's the guy. But you did a DNA test on a million randomly selected people out of the world's population and he's the closest match, then it's highly likely he's not the guy. After all, 600,000 people or so will match to this level and he's just one of them.

The TrueCrypt password is the same. If you try truly random passwords until one of them passes the check, it's not likely that's the right password, just like the DNA dragnet case. If you get the password from the owner, then it's highly likely it's the right one.

The government also needs Boucher's production to establish Boucher's possession. There is simply no way the government can prove, given just the decrypted contents, that those were ever possessed by Boucher.

Put yourself in the place of the government. You have the encrypted hard drive. You have the unencrypted hard drive, but cannot use its production. How do you establish that Boucher possessed the unencrypted contents?
2.27.2009 6:14am
John Adams:
Breaking encryption is a factor of CPU power and time. If a defendant refuses to provide the combination of a safe law enforcement cracks that safe. If Law enforcement lacks the skills and resources to circumvent the defendants "lock" that's their problem. The courts are playing fast and loose with the law and the 5th amendment because of a lack of their technological skill set for their own benefit. It's really a shame that the courts are so willing to "interpret" away our rights by second guessing plainly written constitutional rights for their own benefit.

Its truly a shame that the absolutes in our constitution are being disregarded by a legal system intertwined with political interests and financial interests. Instead of the absolute plainly written laws we had before we have a million shades of gray so some court system or government system can profit from taking away rights.

Remember its our duty as citizens to stand up against out government when it becomes unjust and corrupt.
2.27.2009 10:51am
whit:

Defense attorneys are required by oath to lie, if that would get their client off the hook. The standard is higher when you represent the government (see, e.g. the comments in the Sen. Stevens contempt trial).



they are prohibited from (among other things) suborning perjury, etc.

i was actually pretty surprised. i had a small example of that the other day. the prosecutor was FUMING. i was like "whatever".
2.27.2009 12:26pm
whit:

The case here turns on the additional knowledge that the hard drive does, in fact, contain an encrypted volume. I don't know how many times I've said that at this point. You have to confront the fact that the defendant voluntarily decrypted the volume for CBP, who then observed child pornography on it. The cat is out of the bag. The train has left the station.

Another reason not to volunteer anything to the authorities at any time (sorry Whit, it's true -- I'm not after speeding up your process of sorting the guilty from the innocent at the cost of my own ass).



except you ignored what i posted.

i made very clear that (posted several times) that *if* you are guilty as hell, you very well should NOT volunteer information unless you want to help your conviction.

like i said several times, the "don't volunteer anything" canard i have protested in regards to INNOCENTS,... NOT in regards to the "guilty as %*$*${" such as this guy.

he KNEW he had child porn on his computer and he volunteered it.

in no way, shape or form did recommend that.

i said that it is wrong, as a blanket rule, to not cooperate with police during the course of an investigation. numerous posters here have recommended otherwise.

i said that, for example, when you are innocent and can give an explanation why, etc. that it's a GOOD idea to help police because it allays their suspicion of YOU, and helps them save time to go after the actual bad guy.

and in a terry stop (i've been terry stopped before. once as a robbery suspect because my van matched a suspect vehicle), the same applies.

iow, you are COMPLETELY misstating what i wrote.
2.27.2009 12:30pm
David Schwartz (mail):
I presume if you ask Boucher's attorneys, they will point out all kinds of defects in this contention. Specifically, nobody actually saw any child pornography (other than animated 'child' pornography) on the volume. Yet this is the fact the government wishes to prove.
Sorry, this statement is incorrect. The agent did actually see child pornography on Boucher's computer. Presumably, with the decrypted contents, the agent could at least testify that some particular images therein are the ones that Boucher showed him.
2.27.2009 12:44pm
David Schwartz (mail):
i said that, for example, when you are innocent and can give an explanation why, etc. that it's a GOOD idea to help police because it allays their suspicion of YOU, and helps them save time to go after the actual bad guy.
For the fictional person who has not committed anything that is currently defined as a crime within their statutes of limitations (and if he has confidence that he is correct in this assessment) your advice is valuable. You cannot trust the police to be honest with you about what they are investigating -- they are not supposed to be honest about this.

One of the worst consequences of having a massive number of bad, vague, and downright crazy laws is that there are no people who are confident they are innocent. This probably significantly hampers law enforcement. (Although sometimes it helps, as on every episode of Law and Order where the police threaten to call in the IRS or get punitive search warrants.)
2.27.2009 12:47pm
whit:
david, i can tell you from personal experience that the VAST majority of contacts i have with citizenry, even when they actually are lawyers, and even when they are suspected of X, the people volunteer information. and in the VAST majority of circumstances, it benefits them.

this is also more true with local cops than feds, since (imo) it is federal law that has far more bad, vague, and crazy laws.

i am all for guilty people cooperating too. had a child molester give a full confession the other day that will almost certainly result in life in prison.

but i would not RECOMMEND if you are guilty as #$(#$( to admit your guilt.

nor did i ever do so. unless you are being conscientious and want to take responsibility for your crimes.

i get a kick out of law and order. i only watch the original. (i will never watch any show with ice-t or richard belzer as cops if i can avoid it although belzer was good in homicide, since we didn't have to see hm as much).

but in some ways it is incredibly unrealistic.

but it's still great drama, and i love the comfort of the set routine (opening homicide scene, wisecrack, first 20 minutes is police investigation, last 1/2 is courtroom testimony. and extra points for the sanctimonious and overreaching jack mccoy)
2.27.2009 1:01pm
Oren:

The TrueCrypt password is the same. If you try truly random passwords until one of them passes the check, it's not likely that's the right password, just like the DNA dragnet case. If you get the password from the owner, then it's highly likely it's the right one.

Yes it is. There is one and exactly one password that checksums correctly. The odds of there being two or more are >2^-80 = 0 and the odds of there being zero are 0 because a reliable third party has seen the drive decrypted (e.g. it's not just "dd if=/dev/random of=/dev/sdb").

Hence, there is exactly one. If it checksums, it's the one.


The government also needs Boucher's production to establish Boucher's possession. There is simply no way the government can prove, given just the decrypted contents, that those were ever possessed by Boucher.

Again, we have testimony that an agent saw the contraband. If he testifies that the images he saw at the first encounter are the same as the decrypted one, no jury will find claims to the contrary credible.


Put yourself in the place of the government. You have the encrypted hard drive. You have the unencrypted hard drive, but cannot use its production. How do you establish that Boucher possessed the unencrypted contents?

By having the agent testify that he saw the same illegal content in Boucher's possession at the initial encounter.
2.27.2009 1:20pm
Oren:

i said that, for example, when you are innocent and can give an explanation why, etc. that it's a GOOD idea to help police because it allays their suspicion of YOU, and helps them save time to go after the actual bad guy.

Not my job to save you time.

It is my job not to get busted for the myriad State and Federal offenses that I commit on a daily basis. I count at least 12 criminal (non-traffic) offenses off the top of my head.
2.27.2009 1:31pm
whit:
that's great oren, but you are still ignoring that i NEVER said what you claimed i said, and my advice was for those who are INNOCENT.

whether or not it's your "job". it's called being a good citizen.

you are not helping ME. i get paid either way. you are helping yourself, and more importantly - society at large.
2.27.2009 2:00pm
pintler:

i said that it is wrong, as a blanket rule, to not cooperate with police during the course of an investigation. numerous posters here have recommended otherwise.

i said that, for example, when you are innocent and can give an explanation why, etc. that it's a GOOD idea to help police because it allays their suspicion of YOU, and helps them save time to go after the actual bad guy.


The counterargument given by that Va professor in the oft mentioned 'Why You Should Never Talk to the Police' lecture goes like this: the police want to interview you about a murder. You're happy to comply - you know you are innocent. They ask 'Were you at Joe's Bar and Grill (the crime scene) on the night of the 14th?'. You answer 'No, I've never even heard of it'. In fact, you drove by it looking for that funky Ethiopian restaurant you heard was so good, and your license plate was caught on a camera down the street. Now, on the stand, you get to try to explain to the jury why you lied to the police about your whereabouts that night. That's not exactly getting off on the right foot, jury wise.

I think another example (might be wrong, it's been a while) was the police ask 'Who might have wanted your boss dead' and you reply 'everyone, he was a jerk'. Your atty might help you to phrase that sentiment in a more jury friendly way.

I'm not saying that, statistically, it's risky for the innocent to talk to the police - I don't have the data - but there are actual cases where innocent people served long sentences who probably would not have, had they declined to speak w/o an atty. If you haven't read it, try 'Actual Innocence' by Barry Scheck (sp?). It puts Clancy and Grisham to shame, and it's true.

Refusing to talk may be on the far side of cautious, like carrying a fire extinguisher in your car, or getting a CPL, but it's not irrational. It's trying to protect against a low probability but very bad outcome.
2.27.2009 2:05pm
JB-guest (mail):

You have to confront the fact that the defendant voluntarily decrypted the volume for CBP, who then observed child pornography on it. The cat is out of the bag. The train has left the station.



Because this case is being appealed to a higher court it is being touted as a precedent-setting case, and that if the appeal fails then judges will be able to force you to decrypt encrypted volumes. But based on the fact that the government already knows what is encrypted on the hard drive then it really isn't a precedent that would force wholesale decryptions, is it? Wouldn't it only apply to cases where the content of the hard drive is already known?
2.27.2009 4:22pm
whit:

but there are actual cases where innocent people served long sentences who probably would not have, had they declined to speak w/o an atty. If you haven't read it


and there are examples where innocent people helped NOT get arrested and NOT charged and NOT convicted BY talking to police.

but you don't hear about htose cases because they don't make into the docket AT ALL.

i can cherry pick examples to prove any point, as can you. except that's just anecdotes.

defense attorneys have a natural bias but the "don't talk to police bias" is just that - a bias. it obstructs justice, it helps the guilty go free, and it wastes time and resources. in many cases, it will place suspicion on you, which wouldn't happen if you just gave a frigging explanation.

i've read many of the arguments for not talking to the police. to state that they are non-compelling is a gross understatement.

there is also a huge difference between being arrested and interrogated, and a field interview.
2.27.2009 6:58pm
Oren:

that's great oren, but you are still ignoring that i NEVER said what you claimed i said, and my advice was for those who are INNOCENT.

When I find that guy, I'll pass your advice along.
2.28.2009 1:40am
Phil Karn (mail) (www):

Short version: the fifth amendment does not protect you from giving testimonial evidence that will not give the government new information. In other words, the "testimonial" part of giving up the password is admitting that you know the password and control the encrypted volume. The government already knows that, so the testimony is not protected.


So if the government already has that information, why do they need to hear it again from me? If they need information from my brain to help convict me, then how is that not self-incrimination?

Isn't this a classic police interrogation technique? Fool the suspect, um, interviewee, into thinking you know far more than you actually know so that he won't think he's giving up anything by talking?
3.1.2009 6:47am
Phil Karn (mail) (www):

the "testimonial" part of giving up the password is admitting that you know the password and control the encrypted volume.


In other words, never ever say anything like "it's for me to know and you to find out". Makes sense even if that didn't infuriate some burly guys with guns.

I know the border exemption pretty much guts the 4th amendment, but what about the 5th? What questions, if any, are you legally obligated to answer from an immigration or customs official?

Is it really a foregone conclusion that Boucher had child porn on his laptop? If Boucher hands over his key, the government can have experts analyze the pictures in question, including any the border agent might not have seen. The experts might find them in a database of known illegal material. The government could show them in court.

Without the key, the prosecution has only the border agent's word that he saw contraband on the laptop. The jury might still believe him, but clearly the government's case would not be quite as compelling.

Or is that not the "foregone conclusion" you're talking about? Let's say you mean only the fact that Boucher knows (or knew) the key, not that the encrypted data on the laptop is contraband. Even so, I'm not sure I agree that the principle applies.

In the precedents, the "foregone conclusion" is that the defendant possesses incriminating paper documents that the government wants to obtain and use against him. But the only tangible object here is the laptop -- and the government already has it. Their problem is that they don't know what it means. It's just a mass of seemingly random bits.

So what the government wants is nothing less than the power to force the defendant to actively assist them in interpreting the evidence against him in an incriminating fashion.

If that would not be a testimonial act, then what would be? How would this be any different from forcing a murder defendant to explain to the crime lab the exact significance of every piece of physical evidence they collected at the crime scene? Obviously this would make the government's job much easier. It might even allow them to obtain a conviction that they would not otherwise be able to get. But that's exactly why we have the fifth amendment in the first place, isn't it?
3.1.2009 7:37am
Phil Karn (mail) (www):

One of the worst consequences of having a massive number of bad, vague, and downright crazy laws is that there are no people who are confident they are innocent. This probably significantly hampers law enforcement.


This is absolutely true. A textbook example took place here in San Diego in 2002. The parents of murder victim Danielle Van Damm smoked some dope with their friends the evening before their daughter was kidnapped and murdered by their neighbor David Westerfield. Naturally they were reluctant to be entirely forthcoming with the police about their exact whereabouts and activities during that time.

This, and their unconventional (but probably not that uncommon sexual lifestyle) were heavily exploited by the defense in their attempt to create reasonable doubt that their client committed the crime.
3.1.2009 3:17pm
David Schwartz (mail):
Short version: the fifth amendment does not protect you from giving testimonial evidence that will not give the government new information. In other words, the "testimonial" part of giving up the password is admitting that you know the password and control the encrypted volume. The government already knows that, so the testimony is not protected.
In every criminal conviction, the government will claim that it "already knows" you are guilty. Why else would it have charged you? The government needs this evidence in order to prove the very thing it claims it already knows.
3.1.2009 10:12pm
Phil karn (mail):

In every criminal conviction, the government will claim that it "already knows" you are guilty.


Exactly my point. So why do they need Boucher's key if they already consider it a foregone conclusion that his laptop contained child porn?
3.3.2009 10:19pm

Post as: [Register] [Log In]

Account:
Password:
Remember info?

If you have a comment about spelling, typos, or format errors, please e-mail the poster directly rather than posting a comment.

Comment Policy: We reserve the right to edit or delete comments, and in extreme cases to ban commenters, at our discretion. Comments must be relevant and civil (and, especially, free of name-calling). We think of comment threads like dinner parties at our homes. If you make the party unpleasant for us or for others, we'd rather you went elsewhere. We're happy to see a wide range of viewpoints, but we want all of them to be expressed as politely as possible.

We realize that such a comment policy can never be evenly enforced, because we can't possibly monitor every comment equally well. Hundreds of comments are posted every day here, and we don't read them all. Those we read, we read with different degrees of attention, and in different moods. We try to be fair, but we make no promises.

And remember, it's a big Internet. If you think we were mistaken in removing your post (or, in extreme cases, in removing you) -- or if you prefer a more free-for-all approach -- there are surely plenty of ways you can still get your views out.