District Court Overturns Magistrate Judge in Fifth Amendment Encryption Case:
Back in late 2007, I blogged a lot about a magistrate judge ruling in In re Boucher, a case involving a how the Fifth Amendment right against self-incrimination applies to access to encryption keys. I argued back then that the magistrate's decision was wrong on narrow grounds: Although the Fifth Amendment normally blocked the subpoena of encryption keys, in this particular case the facts divulged by compliance with the subpoena were already known to the government and therefore not privileged under the "foregone conclusion" doctrine.
Although the 2007 ruling garnered a great deal of press attention (including articles in the Washington Post and the New York Times), it was only the ruling of a magistrate judge rather than an Article III District Judge. The government sought review of the case with an Article III District Judge (more or less an "appeal" from the ruling of the magistrate judge), and we have been waiting for a ruling from the District Court for about a year.
A few days ago, District Judge William K. Sessions III finally handed down a ruling. I have posted the opinion here: In Re Grand Jury Subpoena to Sebastien Boucher. Judge Sessions's take was basically the same as mine in my 2007 post: He ruled that under the specific facts of this case, Boucher must decrypt the hard drive and produce to the government an unencrypted version of the drive. (Notably, the subpoena orders Boucher to produce to the government an unencrypted version of his hard drive, not to actually give the government his key.) There was no Fifth Amendment privilege because the government already knew the testimonial things that compliance with the subpoena would help show, making that a "foregone conclusion." From the opinion:
Although the 2007 ruling garnered a great deal of press attention (including articles in the Washington Post and the New York Times), it was only the ruling of a magistrate judge rather than an Article III District Judge. The government sought review of the case with an Article III District Judge (more or less an "appeal" from the ruling of the magistrate judge), and we have been waiting for a ruling from the District Court for about a year.
A few days ago, District Judge William K. Sessions III finally handed down a ruling. I have posted the opinion here: In Re Grand Jury Subpoena to Sebastien Boucher. Judge Sessions's take was basically the same as mine in my 2007 post: He ruled that under the specific facts of this case, Boucher must decrypt the hard drive and produce to the government an unencrypted version of the drive. (Notably, the subpoena orders Boucher to produce to the government an unencrypted version of his hard drive, not to actually give the government his key.) There was no Fifth Amendment privilege because the government already knew the testimonial things that compliance with the subpoena would help show, making that a "foregone conclusion." From the opinion:
Where the existence and location of the documents are known to the government, “no constitutional rights are touched,” because these matters are a “foregone conclusion.” Fisher, 425 U.S. at 411. The Magistrate Judge determined that the foregone conclusion rationale did not apply, because the government has not viewed most of the files on the Z drive, and therefore does not know whether most of the files on the Z drive contain incriminating material. Second Circuit precedent, however, does not require that the government be aware of the incriminatory contents of the files; it requires the government to demonstrate “with reasonable particularity that it knows of the existence and location of subpoenaed documents.”That seems correct to me, as explained in my original post and expanded on at length in this post. I suppose the next question will be whether Boucher will comply with the subpoena, or whether he will "forget" the key or just refuse to comply and face contempt charges instead. Stay tuned.
Boucher accessed the Z drive of his laptop at the ICE agent's request. The ICE agent viewed the contents of some of the Z drive's files, and ascertained that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the Z drive and its files. Again providing access to the unencrypted Z drive “adds little or nothing to the sum total of the Government's information” about the existence and location of files that may contain incriminating information. Fisher, 425 U.S. at 411.
Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the Government with access to the Z drive. The Government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication.
Because Boucher has no act of production privilege to refuse to provide the grand jury with an unencrypted version of the Z drive of his computer, his motion to quash the subpoena . . . is denied.
If so, could the defendant then refuse to say how the computer had been unlocked in the past? This would be equivalent to saying it was his safe, and saying he had been in it open in the past, but perhaps the combination had been entered by an assistant.
If the government has no direct knowledge of him having opened the safe, would the same narrow grounds of foregone conclusion still apply?
(IANAL, so I apologize if I phrased any of this inexactly or just plain wrongly.)
Given the amount of time that's passed, forgetting the password would actually be pretty reasonable, particularly if he chose a strong password (IIRC the government failed to break his password with a dictionary attack, so it's probably a fairly strong password).
Also, I to am interested in the power of the court to hold him in contempt in an attempt to force disclosure. Will the court just allow a negative inference instruction?
Damn.
Concur. Until I started rotating passwords, you could've put me in jail for a long time and I couldn't have told you my password from a year ago.
Tho given the nature of the stored files, perhaps the feds were using an insufficiently vulgar dictionary.
What? You say you don't believe the "decryption" was just a decryption? Prove it, copper.
That reminds me, there are some popular encryption products (can't recall the names but they are widely available) that allow for phantom partitions with different passwords. You enter one password, you get your real data. You enter another password and you get some dummy data. In this case, real data could be the child porn and dummy data could be legal porn. Considering the encryption makes it impossible to discern whether there are even more than one partition, how could the gov't argue the dummy data wasn't the real data?
My understanding is that it would be quite easy to show that the hard drive was tampered after it was decrypted. Plus, assuming that Boucher does not have some sort of delete program on his computer that would truly delete files (rather than just mark the space as free), the files would still be there. In addition, I assume the government would only give Boucher a digital copy of the encyrpted drive, not the original. Given that, I would think it extremely unwise to try what you're suggesting.
On the facts of this case it's not possible - the government seized the defendant's laptop during the border search. The issue here is whether there's a Fifth Amendment privilege to not produce the PGP encryption password for the "Z" drive partition on the laptop's HDD. The laptop is already presumably sitting in the evidence locker at a Federal criminal computer forensics lab somewhere.
Although you ask a good question if one assumes hypothetically that this was a subpoena for a physical computer HDD. If someone tried to pull a switch like you propose where just some partitions or file directories are encrypted (while the programs and OS portions aren't), there would be plenty of forensic crumbs on the unencrypted portions of the HDD to be able to ascertain with a fair degree of certainty whether the produced drive really was the HDD from the target computer. If he were to produce a partially or totally wiped drive and try the "oops, bad disk" line, it would be possible to determine whether and when it was systematically wiped. I have heard of a number of computer crime cases where the presence of HDD wiping software like the wonderfully-named "Evidence Eliminator" itself was relevant evidence of criminal mens rea.
So what's the incentive for the defendant to cough up the key to the images? It allows him to set up the endgame so he can get credit under the Sentencing Guidelines for cooperation and acceptance of responsibility. If he obstructs, he not only gets no credit, in fact he will face an obstruction enhancement. Or to put it crassly, if he plays games, he buys himself more quality time with a cellmante named Spike...
more details here
http://www.truecrypt.org/docs/?s=hidden-volume
If the gov't doesn't need the hard drive for a conviction, why would they continue to try to get it?
I doubt the truecrypt fake volume gambit would work terribly well when you're dealing with Federal computer forensics agents who have either the original HDD or a full image of the disk made with a forensic copying suite like EnCase. First problem is that they'd see the program is on the computer, which would immediately set off alarm bells. And because they're working from a forensic image, they'll be able to see the size and number of any encrypted partitions. They will fairly readily figure out what the tendered password does, and does not, unlock.
Where that program might work is when you're dealing with somebody who can't do a forensic sweep of the physical HDD. Like your boss or your wife, perhaps. But not the computer squad guys.
It's a bit more complicated than that, but for one thing, the Sentencing Guidelines for the offense set the presumptive sentence on the number of images and types of images. That can only be known by analyzing the computer.
The government's situation is akin to a case where a person confesses to causing someone's death and hiding the body but denies the killing was intentional. The government wants to extract where the body is hidden. The government knows roughly where the body is but can't quite get at it.
This is analogous. The search for the decryption key by a dictionary attack and brute force is akin to the search for a body with dogs and search parties.
Not questioning the resources of the FBI or Customs, but the developers at TrueCrypt apparently thought about at least one of your points:
If something is encrypted, all forensic analysis will have revealed are random (digital) bits. You can't do anything more once you have those bits as the mathematical principles behind encryption stand in the way.
This specific case apparently lacks these juicy complexities so anything interesting in way of technical details will probably have to wait.
Thats the point, so he should cooperate so that he gets a felony conviction, life time sex-offender registration and prison, but slightly less prison than he would otherwise get?
Or he could refuse to decrypt, and have a real chance of avoiding conviction... Can a judge lock him away for years for refusing to help the gov't convict him? I'm not very familar with the extent the contempt system can be used to compell evidence...
Moreover, the process of this trial is quite stressful and, as we know, stress can induce loss of memory.
ruuffles, the problem is that the government already knows that partition Z is encrypted. Given that, they can conclusively test whether a given key is the correct one very quickly.
Incidentally, this is why I advocate keeping illegal materials on microsd cards. If you can eat it, you can beat it.
no key, no verification. On that note, when this occurs "in the real world," with paper documents, for example, how does the gov't authenticate those produced are the ones they want and not others?
Do you really think that the government can't modify its subpoena to include the encryption key used as well as the unencrypted contents?
IRL, it's probably a big mistake to forge documents that the government wants. The coverup is usually worse than the crime.
Let's say password A unlocks 50% of a file, creating a volume. Based on what I've read, you still can't prove that a specific 20% of the same file is another volume.
If the FBI could prove that remaining 20% is a volume, they could just unlock the entire file in the first place.
Now if I had two different files, then yes, it's obvious that I have multiple things to unlock, but that's not the thing as a hidden volume. You might also want to check out http://en.wikipedia.org/wiki/Rubberhose_(file_system)
Monty: This WSJ article suggests that the federal court system limits civil contempt imprisonment to 18 months.
As this would a coercive contempt charge - "Produce the key" - as opposed to a criminal "You were rude to a judge" contempt charge, no trial would be required.
That's correct, but if the agent already knows that the "inside" 20% exists and contains file A, then he has more information than you have postulated.
I acknowledge, however, that this is nowhere near being the law, and under the law as it currently stands, Professor Kerr's and Judge Sessions' position appears absolutely correct.
I would however say that blood, hair, etc are different from a handwriting or voice exemplar in that they can be gathered from an unwilling subject. Anything that requires the active participation of a non-cooperator should be out of bounds.
I think Hubble bars the government from relying on the fact that the defendant turned over the unencrypted hard drive in response to the subpoena, to demonstrate that the unencrypted drive is the same as the encrypted drive.
As the Court explained in Hubble: "It was only through respondent's truthful reply to the subpoena that the Government received the incriminating documents of which it made 'substantial use . . . in the investigation that led to the indictment.'" 42-43. A footnote emphasizes that the reliance on the truthfulness of the subpoena response implicates the testimonial aspects of that response.
Disclaimer: I am a computer nerd, but don't specialize in encryption. I have read the TrueCrypt documentation, and they have a good reputation, and it seems plausible to me that you can do the two passwords, two volumes thing in a way that allows you to plausibly deny the second volume.
Secondly, I think we will need some jurisprudence about lost passwords. Encryption is a coming thing, with HIPAA, FERPA, and all that. I'd hate to be Mr. Lowly Clerk who has some dusty CD-ROMs in a drawer when the FBI carries off the company records while investigating my boss, and be unable to remember the old passwords.
One of the charms of language is how one finds oneself uttering sentences that one had never expected to formulate.
As for the "fake password," the only really sound solution would be one where the fake password ruined the data ... but it seems from the above comments that it's not feasible to do so w/out the police knowing.
I would be a lot more into rooting against the Thought Police and all that if it weren't child porn. Thanks for ruining my kneejerk anti-authoritarianism, you callous perverts.
You and Judge Sessions may have the correct take on applicable precedent. But you and Judge Sessions have lost sight of the Constitution. In the present case, the government seeks no more than wrest a fact from a man's own mind.
I see no reason why any person should treat this decision with anything more than utter contempt.
The law has lost its reason.
Now calm down here. I probably agree with you more than disagree about how the Constitution should be interpreted with respect to this issue. But Professor Kerr is blogging as to what the law is, not what is necessary the ideal legal rule or even the most plausible interpretation of the broad language of the Fifth Amendment. He hasn't "lost sight of the Constitution"-- he was saying where the law currently stands, which is a service to his readers.
And why hold Judge Sessions in "utter contempt"? He is required to follow applicable precedent and reach a decision consistent with it. And as you concede, applicable precedent supports the result he reached. There are plenty of judges, all over the country, who issue rulings every day that they do not agree with on the merits, because they are compelled to do so by applicable precedent. Are all of those judges to be held in "utter contempt"?
I would like to see a Fifth Amendment interpretation that is much more protective of the non-testimonial manners in which people can be compelled to incriminate themselves. But that isn't what we have now. And Judge Sessions is obligated to follow what the law is now, and Professor Kerr is perfectly justified in writing about it.
Oh, of course. Gosh, what could I have been thinking?
I certainly couldn't figure out any way to swindle the government lawyers on this deal without leaving a molecule of footprint. No sirree bob. You could certainly trust that any copy I give you of my decrypted drive is just that.
Similar dilemma.
Assuming Boucher were charged with simple possession of child pornography under 18 U.S.C. § 2252A and there were no aggravating circumstances (such as prior convictions or efforts to arrange a sexual encounter with an actual child), that charge would carry a statutory penalty range of zero to 10 years’ imprisonment, 18 U.S.C. § 2252A(b)(2), while the distribution or receipt of the same pornographic material subjects a defendant to a statutory mandatory minimum sentence of 5 years and a maximum of 20 years. 18 U.S.C. § 2252A(b)(1).
Luckily for the defendant, there is only a single, seldom-applicable cross reference under the federal sentencing guidelines (thus reducing the chance that he’d be held accountable for conduct beyond those which were the basis for his conviction).
However, depending on the quantity and nature of the actual images, Section 2G2.2 of the federal sentencing guidelines contains some brutal enhancements for certain image quantity thresholds and image characteristics, such as those depicting prepubescent children or forms of sexual violence.
If he refuses to comply with an order to reveal the password he’s subject to civil and criminal contempt charges along with obstruction of justice. The maximum sentence for civil contempt is 18 months. 28 U.S.C. § 1826. The maximum penalty for criminal contempt is whatever the judge wants it to be, within reason. See this section of the U.S. Attorneys’ Manual; see also, §2J1.1 of the Federal Sentencing Guidelines Manual. One of the longest sentences imposed, and upheld on appeal, for criminal contempt was 5 years (which is also the maximum for obstruction). U.S. v. Papadakis, 802 F.2d 618 (1986).
Of course, the Supreme Court has determined (and reaffirmed several times since) that the federal sentencing guidelines are only advisory.
It appears they have enough already to convict Boucher on possession of child pornography and that some of the material shows child rape. If he allows them access to the rest of it, he many give them enough additional evidence to ratchet-up his sentence close to the 10 or 15-year maximum. It’s not likely that any favor he might curry by cooperating will be enough to offset that additional increase - especially since he's already refused and a judge might view any cooperation as involuntary or insincere. And depending on what’s in the hidden files, it’s possible he may reveal evidence of new crimes such as solicitation or molestation where he himself is the perpetrator.
Nonetheless, an attorney shouldn’t simply advise a client to commit a crime, in this case obstruction or contempt by refusing to reveal the password. Instead, that’s a decision which should be left to the client after the attorney discusses the potential consequences, what alternatives might exist, what defense theories he has in mind, among other considerations.
Going back to the DUI breathalyzer analogy, this opinion by the Alaska Bar Association describes the conditions upon which it’s permissible for an attorney to advise a client to refuse to submit to an otherwise lawful breath test.
And it’s worth noting that in Maness v. Meyers, 419 U.S. 449 (1975), the U.S. Supreme Court reversed the contempt conviction of an attorney who, during a trial, counseled his clients not to respond to a subpoena to produce documents. The Court held that the client may risk contempt for failure to comply, but the attorney may not be convicted of contempt for rendering his advice in good faith. The Court stated that the advice of an attorney to a client in the exercise of the client's Fifth Amendment privilege is an integral part of the protection accorded to the client by the Fifth Amendment, even when that advice may be substantively incorrect. Id. at 467-68, citing to In re Watts, 190 U.S. 1 (1903).
Lastly, the district court’s ruling now brings the United States into line with the United Kingdom on this issue. See this article discussing the criminal appellate court’s ruling from October of last year.
Regarding the point that Boucher has only been ordered to produce the unencrypted drive (presumably after being supplied a copy of the seized drive):
In general, given an encrypted drive image and a purported unencrypted drive image of the same size as the encrypted portion, and that alone, any ability to prove or disprove that they correspond represents a vulnerability in the cipher or mode of operation of the disk encryption. It would be shocking if PGPDisk has such a vulnerability.
It is correct that in this case, where the encrypted drive was used with an unencrypted system drive, there would likely be evidence if an unrelated "decrypted" drive image were provided. However, the suspect need not provide an unrelated drive image. He could decrypt the drive, tamper with it, and provide the tampered drive image. There is no law of the universe requiring that such tampering be stupid. The suspect need not boot from the drive, let alone install a program named "Evidence Eliminator". I agree that sophistication would be require to avoid evidence of tampering, but replacing the contents of each illegal file with legal contents of the same general type without leaving any illegal contents or evidence of tampering is substantially easier than creating a plausible drive from scratch to correspond to the unencrypted system drive, which might be nearly impossible.
I don't deny the risk to the suspect of later being compelled to produce the key. The production of the correct key would expose the tampering, and just for the record the suspect would certainly not be able to produce a key that decrypts the original encrypted drive to his slightly tampered copy.
Regarding the use of hidden drives (a general discussion unrelated to the facts of this case):
The general idea is that you have a large "outer" encrypted drive where the decrypted free space is initialized to random data. Some portion of this space might optionally be the hidden drive, which is encrypted with a separate key and indistinguishable from random data without it. The same program that handles the outer drive's encryption handles the hidden drive's if it is present and that key is given. Thus, the program no more implies the existence of a hidden drive than the outer encrypted drive does in the first place.
With respect to TrueCrypt, it is probably one of the most popular free disk encryption programs for Windows if not the most popular. It presumably has many users who do not use the hidden drive feature (for example, many users just want full disk encryption to protect against a lost or stolen laptop), and thus it need not imply the presence of a hidden drive the way that "Evidence Eliminator" implies wiping was performed.
However, quite careful precautions are needed to avoid creating strong indirect evidence of the hidden drive in the other portions of the outer drive. I make no representation that the TrueCrypt software takes adequate precautions or that following the instructions on its website constitutes adequate precautions, nor do I claim the opposite.
This case shows that we users are probably the weakest link in the security chain. If you want your encryption to work, don't unencrypt it for the people you want to hide it from.
As to my previous post, I think it would be ethical to advise the client to take a contempt hit to test the judge's ruling on appeal, but unethical to advise the client to refuse a court order simply because the price of compliance is higher than the price of defiance. But you could say, "Here are your options: Option A, 18 months in prison on contempt; Option B: Many years in prison on a sex offense plus a lifetime of registration. As your lawyer, I must advise you to take Option A."
But I somehow doubt that the system would impose only 18 months for defiance of this court order. In cases like this, the system has a way of getting what it wants.
Whatever the contempt sentence is, it doesn't come with a lifetime of wearing a scarlet letter.
I'm sorry. I don't think there's really anything left to discuss here. The issue is clearcut.
The Fifth Amendment was adopted after a long history, which includes, among many other things, the oath ex officio and the trial of John Lilburne in camera stelat'.
You appear to have lost sight of that history. I say that because you appear to have lost any proper regard for the abuses of that earlier age. And thus, I say, you have lost sight of the Constitution.
Men with rude force may seek to press Mr Boucher to condemn himself. And men with clever sophistry may justify that pressing. But it is wrong.
I repeat myself: I have nothing but contempt for this decision.
No, you have nothing but contempt for the precedent that this district court must follow. At least direct your irrational scorn at the proper target.
In an earlier discussion of this case it was suggested that the Fifth Amendment allows a suspect to literally "go limp" and challenge the prosecution to convict him. What about it?
I agree with the earlier poster who advised taking the contempt sentence; anything is better than the Scarlet Letter.
Question: if the suspect were a detainee at Gitmo, could the gov't hold him indefinitely without trial for refusing to provide the encryption key to his laptop?
IRL, going limp can be criminalized as resisting arrest or obstructing a police officer.
a distinction w/o a difference.
if i apply for a search warrant given that i have PC to believe porn is on a HD, i do not have to specify the location of each nibble.
a hard drive is enough of a "place" to work.
it sounds wrong to me because a decryption key is legally analogous to... a key or combination imo.
but i'll need to think about it more.
It doesn't matter what a decryptation key is analogous to. This password is actually held in Mr Bourcher's mind. That is, the password is manifested as a thought.
Thoughts may be analogous to a lot of things. But your thought of an automobile is not an actual autobile. Thoughts of physical things are not the physical things themselves.
That simple observation holds for whole classes of mental constructs and physical objects. As Korzybski famously pointed out, “The map is not the territory.”
The password exists in Mr Boucher's mind.
. . . .
Mr Boucher is accused of posessing contraband images. Those “images”, such as they are, actually exist as magnetic transitions. And the government cannot demonstrate a transformation from that magnetic coding to anything that a sane person would recognize as a contraband image. Yet, the government still insists that these particular magnetic domains are indeed contraband.
The government concedes that to prove the truth of their averment, they need the aid of the password held in Mr Boucher's mind.
The text and history of the Fifth Amendment forbid the government's seizure of Mr Boucher's thoughts in order to convict him of a crime.
The government does not even attempt to request a search warrant for Mr Boucher's mind. No do they even attempt to compell him to yield up his thought.
Instead, the judge cruelly finesses the constitutional bar by pretending it does not exist. He orders without actually saying so in so many words. The judge engages in a legalistic sham.
The defenders of Judge Session's sham reasoning claim that it compelled by precedent. That may be. I make no claim about Judge Session's personal mental state.
But the law has reached an insane state. An unreasonble state.
The judge follows the precedent that, as a lower court judge, he cannot simply ignore just because he doesn't like it. We all disagree about what the words in the Constitution dictate about actual legal procedure, turning this into a tawdry morality show is childish and evinces a lack of desire to address the issues.
As I said before, if you are going to be irrationally scornful, at least direct that scorn at the appropriate target.
This case is complicated (and hence interesting) because the defendant already, in fact, demonstrated to a Federal agent that those magnetic transitions on his hard drive are, in fact, child pornography. So what you said:
is not actually true. We have eyewitness testimony from a reliable source that saw, with his own eyes, that those magnetic bits actually do encode contraband. How can you reconcile your position in this case with those facts?
So indict him on the basis that a single witness saw something that is not replicable. Or don't indict him.
The point is simply that the government concedes it cannot demonstrate the transformation to anyone else.
Oren, I'm not really trying to pursuade you, or especially Professor Kerr. I just don't think we have enough common ground.
Fisher, the case this court is relying on, is readily distinguishable because Fisher was not being compelled to do anything personally. However, the reasoning in Fisher by which such compulsion would have been allowed is that nothing testimonial would have been compelled.
As for the "foregone conclusion" doctrine, it is also moored in the notion that what is compelled is not testimonial.
Boucher is not being asked to surrender anything but to testify that one particular decryption of the hard drive is the one he intended/possessed.
if i ask a DUI suspect to recite the letters of the alphabet, that is not testimonial evidence.
also, as OREN notes, somebody has already seen the images.
an analogy to me would be if the images were stored in a combination lock safe that the govt. could not enter without the combination (it has really good lock on it).
is the combination a "thing" like a key to a key safe would be, or not?
that seems a better analogy to me.
if i ask a DUI suspect to recite the letters of the alphabet, that is not testimonial evidence.
also, as OREN notes, somebody has already seen the images.
an analogy to me would be if the images were stored in a combination lock safe that the govt. could not enter without the combination (it has really good lock on it).
is the combination a "thing" like a key to a key safe would be, or not?
that seems a better analogy to me.
Right now, there are myriad possible decryption keys, each of which yields a different contents of the hard drive. By revealing the password, Boucher testifies that one particular decryption of that hard drive is the one he possessed.
It is *not* analogous to a combination lock. Entering different combinations doesn't change the contents of the safe.
If you want a safe analogy, how about this one: Boucher tosses his safe on a giant pile of safes. The government has no idea which safe is Boucher's. They want him to try his combination on every safe to see which one he opens, so they can tie the contents of that safe to Boucher.
They could, of course, force open every safe. But then, how do they prove which safe's contents are Boucher's?
Still think the combination is not testimonial? The government wants to prove that the contents of one particular safe belong to Boucher and not the others.
i never said that. i said just because speech is the medium does not necessarily make something testimonial. i haven't come to a conclusion in this case.
as for the "contents" thang.
there is (strong) probable cause that
1) there is contraband on the hard drive
2) the contraband is concealed via encryption
you are saying the contents are "changed".
well, if i was in possession of a stolen piece of art, and i cut it up into tiny little pieces, it is still a stolen piece of art. the contents haven't changed.
assuming these pieces were small enough, the govt. couldn't reconstruct the painting by gluing the pieces in proper order UNLESS the suspect gave them the information about how the pieces were arranged.
so, i guess your statement is that by mixing the bits around and even changing the underlying ascii code of each bit (not sure if both are done by this encryption prog) that the CONTENTS are changed.
one could argue the FORMAT of the contents are changed, but the contents aren't.
Still, regardless of the "legality" of it, I have only extreme contempt for the notion that a man should be forced at gunpoint to help his enemies screw him over in the courts. All the sophistry in the world will not change that simple fact of natural law.
If the coppers were to try to screw me over for say having encrypted information on a hard drive about how to casually and easily defeat digital rights management schemes for music or films with automated software, and the judge contemptuously ignored the fundamental right not to be terrorised into incriminating oneself, I'd tell the judge exactly where to shove himself and his lying sophistry.
It is affairs such as this that will eventually to very serious consequences for the current regime. It happened in 1776, and can happen again.
I'm puzzled how the government will then prove that Boucher possessed the decrypted contents of the hard drive. It would seem there's a serious chain-of-custody problem.
If they use the production against Boucher, then the production is testimonial. If they don't, they have no way to prove they seized the decrypted contents from Boucher.
How will they link Boucher with the decrypted contents without using his production? That seems totally impossible to me.
Absolutely false. There is only one password that correctly decrypts the volume. In TrueCrypt, for instance, it is specified at at offset 64 with length 4 there exists the ASCII string "TRUE" and that some bytes are a CRC32 checksum for some other bytes. There is only one key for which those things are both true (barring some truly astronomical coincidence). Thus, for any particular key, we can test whether it is a valid decryption key or not (incidentally, TrueCrypt works in the following way -- when the volume is opened TC tries all possible algorithms until the checksum comes up correct. Otherwise, it would have to store the algorithm used in plaintext, which would reveal to an adversary that the volume is, in fact a truecrypt volume and not some random space -- i.e. it would leak information. The only way that TrueCrypt knows to report that a password is incorrect is by trying all possible algorithms and failing to get the ASCII string and checksum correct).
In practice, there is a one-to-one relationship between the ciphertext and plaintext, or else encryption makes no sense at all.
TrueCrypt, by the way, does not guarantee that an invalid password will be detected as invalid. The ASCII string "TRUE" and a CRC32 checksum will still make one out of 18 billion billion incorrect passwords appear correct. If the key has more than 80 bits of randomness, there will be tens of thousands of keys that would test as valid.
A valid TrueCrypt volume, without knowing the password, is indistinguishable from an empty TrueCrypt volume.
Look at anything the Department of "Justice" does, look at Ruby Ridge - look at Waco - look at the prosecutions of legal medical marijuana clubs in Cali - look at what DOJ did to Lynne Stewart - look at DOJ's repression of non-violent protesters - look at DOJ's campaign of legal terrorism against environmentalists guilty of nothing more than some juvenile property destruction - look at ADX Florence (a prison deliberately designed for purposes of torture) - look at the draconian asset forefeiture laws - look at the US Attorneys scandal - look the career of John "Organ Failure" Yoo - look at the imprisonment of journalists refusing to reveal their sources - look at the FBI's "Common Core" database of over 10 million Americans targeted for imprisonment (or worse) in the event of a national "emergency". This is just another example of the jackbooted thug culture of Washington law enforcement.
Indeed, look at any aspect of Federal "justice" and you see corruption, abuse of power, repression, oppression, and outright criminality. What is the Department of Justice but a criminal conspiracy to subvert, undermine, betray, and destroy the Constitution impersonating an agency of the US Government?
If any department of the Federal Government ought to be abolished, I would start and end there, and throw back all supposed "Federal crimes" to the states.
ah yes. the inevitable in VC. the anti-cop bigotry post.
"the cops are lying. they all lie. they are framing him"
i note this same paranoia is rarely applied towards defense attorneys.
not anymore per holder.
i didn't vote for obama, but this is one advantage of him over mccain. i strongly doubt mccain would have actually respected federalist principles and enacted this policy.
Suppose Boucher hadn't been so stupid as to originally cooperate with the customs agent. Suppose the agent had turned on his laptop, seen a password prompt, and asked Boucher to enter his password. What would have happened had Boucher simply refused and said "take the laptop if you want it, I can always buy another one?"
But seriously, the guy hasn't had the drive in his possession for, what, a year and a half? If he hasn't had occasion to use the password for over a year and a half, and assuming it's a strong password and he doesn't use it for other things, how likely is it that he would remember? Do you remember all the passwords you used a year and a half ago?
True, except that we have reliable eyewitness testimony that it is, in fact, an encrypted volume.
That is not a reasonable doubt (and reasonable doubt is a much stricter standard than we are looking at here).
To put it in perspective, the odds of a random 80-bit collision are one divided by the total number of atoms in the universe (which is, in fact, ~2^80).
Without a doubt he'd be free as a bird.
Defense attorneys are required by oath to lie, if that would get their client off the hook. The standard is higher when you represent the government (see, e.g. the comments in the Sen. Stevens contempt trial).
Short version: the fifth amendment does not protect you from giving testimonial evidence that will not give the government new information. In other words, the "testimonial" part of giving up the password is admitting that you know the password and control the encrypted volume. The government already knows that, so the testimony is not protected.
Correct.
The case here turns on the additional knowledge that the hard drive does, in fact, contain an encrypted volume. I don't know how many times I've said that at this point. You have to confront the fact that the defendant voluntarily decrypted the volume for CBP, who then observed child pornography on it. The cat is out of the bag. The train has left the station.
Another reason not to volunteer anything to the authorities at any time (sorry Whit, it's true -- I'm not after speeding up your process of sorting the guilty from the innocent at the cost of my own ass).
This is the government's contention. Its problem is precisely that it can't prove this very thing. It's bootstrapping to argue that was can use the fact that we know this thing to gather the evidence we need to prove it.
I presume if you ask Boucher's attorneys, they will point out all kinds of defects in this contention. Specifically, nobody actually saw any child pornography (other than animated 'child' pornography) on the volume. Yet this is the fact the government wishes to prove.
The answer is: it all depends on the circumstances. If you only tested this one person, and you tested him because an eyewitness picked him out a lineup, then it's quite likely he's the guy. But you did a DNA test on a million randomly selected people out of the world's population and he's the closest match, then it's highly likely he's not the guy. After all, 600,000 people or so will match to this level and he's just one of them.
The TrueCrypt password is the same. If you try truly random passwords until one of them passes the check, it's not likely that's the right password, just like the DNA dragnet case. If you get the password from the owner, then it's highly likely it's the right one.
The government also needs Boucher's production to establish Boucher's possession. There is simply no way the government can prove, given just the decrypted contents, that those were ever possessed by Boucher.
Put yourself in the place of the government. You have the encrypted hard drive. You have the unencrypted hard drive, but cannot use its production. How do you establish that Boucher possessed the unencrypted contents?
Its truly a shame that the absolutes in our constitution are being disregarded by a legal system intertwined with political interests and financial interests. Instead of the absolute plainly written laws we had before we have a million shades of gray so some court system or government system can profit from taking away rights.
Remember its our duty as citizens to stand up against out government when it becomes unjust and corrupt.
they are prohibited from (among other things) suborning perjury, etc.
i was actually pretty surprised. i had a small example of that the other day. the prosecutor was FUMING. i was like "whatever".
except you ignored what i posted.
i made very clear that (posted several times) that *if* you are guilty as hell, you very well should NOT volunteer information unless you want to help your conviction.
like i said several times, the "don't volunteer anything" canard i have protested in regards to INNOCENTS,... NOT in regards to the "guilty as %*$*${" such as this guy.
he KNEW he had child porn on his computer and he volunteered it.
in no way, shape or form did recommend that.
i said that it is wrong, as a blanket rule, to not cooperate with police during the course of an investigation. numerous posters here have recommended otherwise.
i said that, for example, when you are innocent and can give an explanation why, etc. that it's a GOOD idea to help police because it allays their suspicion of YOU, and helps them save time to go after the actual bad guy.
and in a terry stop (i've been terry stopped before. once as a robbery suspect because my van matched a suspect vehicle), the same applies.
iow, you are COMPLETELY misstating what i wrote.
One of the worst consequences of having a massive number of bad, vague, and downright crazy laws is that there are no people who are confident they are innocent. This probably significantly hampers law enforcement. (Although sometimes it helps, as on every episode of Law and Order where the police threaten to call in the IRS or get punitive search warrants.)
this is also more true with local cops than feds, since (imo) it is federal law that has far more bad, vague, and crazy laws.
i am all for guilty people cooperating too. had a child molester give a full confession the other day that will almost certainly result in life in prison.
but i would not RECOMMEND if you are guilty as #$(#$( to admit your guilt.
nor did i ever do so. unless you are being conscientious and want to take responsibility for your crimes.
i get a kick out of law and order. i only watch the original. (i will never watch any show with ice-t or richard belzer as cops if i can avoid it although belzer was good in homicide, since we didn't have to see hm as much).
but in some ways it is incredibly unrealistic.
but it's still great drama, and i love the comfort of the set routine (opening homicide scene, wisecrack, first 20 minutes is police investigation, last 1/2 is courtroom testimony. and extra points for the sanctimonious and overreaching jack mccoy)
Yes it is. There is one and exactly one password that checksums correctly. The odds of there being two or more are >2^-80 = 0 and the odds of there being zero are 0 because a reliable third party has seen the drive decrypted (e.g. it's not just "dd if=/dev/random of=/dev/sdb").
Hence, there is exactly one. If it checksums, it's the one.
Again, we have testimony that an agent saw the contraband. If he testifies that the images he saw at the first encounter are the same as the decrypted one, no jury will find claims to the contrary credible.
By having the agent testify that he saw the same illegal content in Boucher's possession at the initial encounter.
Not my job to save you time.
It is my job not to get busted for the myriad State and Federal offenses that I commit on a daily basis. I count at least 12 criminal (non-traffic) offenses off the top of my head.
whether or not it's your "job". it's called being a good citizen.
you are not helping ME. i get paid either way. you are helping yourself, and more importantly - society at large.
The counterargument given by that Va professor in the oft mentioned 'Why You Should Never Talk to the Police' lecture goes like this: the police want to interview you about a murder. You're happy to comply - you know you are innocent. They ask 'Were you at Joe's Bar and Grill (the crime scene) on the night of the 14th?'. You answer 'No, I've never even heard of it'. In fact, you drove by it looking for that funky Ethiopian restaurant you heard was so good, and your license plate was caught on a camera down the street. Now, on the stand, you get to try to explain to the jury why you lied to the police about your whereabouts that night. That's not exactly getting off on the right foot, jury wise.
I think another example (might be wrong, it's been a while) was the police ask 'Who might have wanted your boss dead' and you reply 'everyone, he was a jerk'. Your atty might help you to phrase that sentiment in a more jury friendly way.
I'm not saying that, statistically, it's risky for the innocent to talk to the police - I don't have the data - but there are actual cases where innocent people served long sentences who probably would not have, had they declined to speak w/o an atty. If you haven't read it, try 'Actual Innocence' by Barry Scheck (sp?). It puts Clancy and Grisham to shame, and it's true.
Refusing to talk may be on the far side of cautious, like carrying a fire extinguisher in your car, or getting a CPL, but it's not irrational. It's trying to protect against a low probability but very bad outcome.
Because this case is being appealed to a higher court it is being touted as a precedent-setting case, and that if the appeal fails then judges will be able to force you to decrypt encrypted volumes. But based on the fact that the government already knows what is encrypted on the hard drive then it really isn't a precedent that would force wholesale decryptions, is it? Wouldn't it only apply to cases where the content of the hard drive is already known?
and there are examples where innocent people helped NOT get arrested and NOT charged and NOT convicted BY talking to police.
but you don't hear about htose cases because they don't make into the docket AT ALL.
i can cherry pick examples to prove any point, as can you. except that's just anecdotes.
defense attorneys have a natural bias but the "don't talk to police bias" is just that - a bias. it obstructs justice, it helps the guilty go free, and it wastes time and resources. in many cases, it will place suspicion on you, which wouldn't happen if you just gave a frigging explanation.
i've read many of the arguments for not talking to the police. to state that they are non-compelling is a gross understatement.
there is also a huge difference between being arrested and interrogated, and a field interview.
When I find that guy, I'll pass your advice along.
So if the government already has that information, why do they need to hear it again from me? If they need information from my brain to help convict me, then how is that not self-incrimination?
Isn't this a classic police interrogation technique? Fool the suspect, um, interviewee, into thinking you know far more than you actually know so that he won't think he's giving up anything by talking?
In other words, never ever say anything like "it's for me to know and you to find out". Makes sense even if that didn't infuriate some burly guys with guns.
I know the border exemption pretty much guts the 4th amendment, but what about the 5th? What questions, if any, are you legally obligated to answer from an immigration or customs official?
Is it really a foregone conclusion that Boucher had child porn on his laptop? If Boucher hands over his key, the government can have experts analyze the pictures in question, including any the border agent might not have seen. The experts might find them in a database of known illegal material. The government could show them in court.
Without the key, the prosecution has only the border agent's word that he saw contraband on the laptop. The jury might still believe him, but clearly the government's case would not be quite as compelling.
Or is that not the "foregone conclusion" you're talking about? Let's say you mean only the fact that Boucher knows (or knew) the key, not that the encrypted data on the laptop is contraband. Even so, I'm not sure I agree that the principle applies.
In the precedents, the "foregone conclusion" is that the defendant possesses incriminating paper documents that the government wants to obtain and use against him. But the only tangible object here is the laptop -- and the government already has it. Their problem is that they don't know what it means. It's just a mass of seemingly random bits.
So what the government wants is nothing less than the power to force the defendant to actively assist them in interpreting the evidence against him in an incriminating fashion.
If that would not be a testimonial act, then what would be? How would this be any different from forcing a murder defendant to explain to the crime lab the exact significance of every piece of physical evidence they collected at the crime scene? Obviously this would make the government's job much easier. It might even allow them to obtain a conviction that they would not otherwise be able to get. But that's exactly why we have the fifth amendment in the first place, isn't it?
This is absolutely true. A textbook example took place here in San Diego in 2002. The parents of murder victim Danielle Van Damm smoked some dope with their friends the evening before their daughter was kidnapped and murdered by their neighbor David Westerfield. Naturally they were reluctant to be entirely forthcoming with the police about their exact whereabouts and activities during that time.
This, and their unconventional (but probably not that uncommon sexual lifestyle) were heavily exploited by the defense in their attempt to create reasonable doubt that their client committed the crime.
Exactly my point. So why do they need Boucher's key if they already consider it a foregone conclusion that his laptop contained child porn?
If you have a comment about spelling, typos, or format errors, please e-mail the poster directly rather than posting a comment.
Comment Policy: We reserve the right to edit or delete comments, and in extreme cases to ban commenters, at our discretion. Comments must be relevant and civil (and, especially, free of name-calling). We think of comment threads like dinner parties at our homes. If you make the party unpleasant for us or for others, we'd rather you went elsewhere. We're happy to see a wide range of viewpoints, but we want all of them to be expressed as politely as possible.
We realize that such a comment policy can never be evenly enforced, because we can't possibly monitor every comment equally well. Hundreds of comments are posted every day here, and we don't read them all. Those we read, we read with different degrees of attention, and in different moods. We try to be fair, but we make no promises.
And remember, it's a big Internet. If you think we were mistaken in removing your post (or, in extreme cases, in removing you) -- or if you prefer a more free-for-all approach -- there are surely plenty of ways you can still get your views out.