• Hey Guest. Check out your NeoGAF Wrapped 2025 results here!

Child-porn suspect ordered to decrypt his own data

Status
Not open for further replies.
T

ToxicAdam

Member
A federal magistrate is reversing course and ordering a Wisconsin man suspected of possessing child pornography to decrypt hard drives the authorities seized from his residence.

The development comes as a month after the same magistrate thwarted prosecutors’ demands that Jeffrey Feldman unlock drives they believe contain child pornography.

Decryption orders are rare, but are likely to become more commonplace as the public slowly embraces a technology that comes standard even on Apple computers. The orders have never squarely been addressed by the Supreme Court, despite varying opinions in the lower courts.

Just last month, U.S. Magistrate William Callahan Jr. said the Fifth Amendment right against compelled self-incrimination protected even those suspected of unsavory crimes, but added that “this is a close call.”

But prosecutors convinced Callahan to change his mind. Among other reasons, the authorities were able, on their own, to decrypt one drive from Feldman’s “storage system” and discovered more than 700,000 files, some of “which constitute child pornography,” the magistrate said.

When he ruled against the government last month, the magistrate said the authorities did not have enough evidence linking Feldman to the data, and that forcing the computer scientist to unlock it would be tantamount to forcing him to confess that it was his. But that theory is now out the door, because the data on the decrypted drive contains pictures and financial information linking Feldman to the “storage system,” the magistrate said last week.

“Such being the case, the government has now persuaded me that it is a ‘foregone conclusion’ that Feldman has access to and control over the subject encrypted storage devices. Thus, under the current state of the law as more particularly discussed in the court’s April 19 Decision and Order, Fifth Amendment protection is no longer available to Feldman with respect to the contents of the encrypted storage devices.”

Contrast that to what the magistrate ordered last month:

This is a close call, but I conclude that Feldman’s act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with ‘reasonably particularity’ —namely, that Feldman has personal access to and control over the encrypted storage devices. Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination. (.pdf)

The government told the magistrate that the “FBI is performing admirable” (.pdf) in its quest to pick hard drive locks. But it needs an encryption order because “the expense in time and resources investigating cases like this one is beginning to inhibit the provision of justice.”

Feldman was not immediately reachable for comment.

Among the last times this came up in court was last year, when a federal appeals court rejected an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for defendant Romano Fricosu as a co-defendant eventually supplied a password.

The authorities had evidence linking her to the hard drive. They had recorded a jailhouse conversation between her and a co-defendant, in which the laptop’s contents were discussed, according to court papers.

Meanwhile, a failure to comply with the decryption order might result in a contempt charge, landing Feldman in jail pending compliance. Alleging you forgot your password presents a host of other legal issues.
Click to expand...

http://www.wired.com/threatlevel/2013/05/decryption-order/
 
I really hate it when I can totally see how something is an abuse of power on some level and yet still warranted given the context. This is one such scenario.
 
the authorities were able, on their own, to decrypt one drive from Feldman’s “storage system”
Click to expand...

i dont get this, so stuff like truecrypt can be decrypted by the feds etc even with a strong password?

i know you can find out the password from the RAM if a volume is not unmounted properly but didnt know about this
 
This shouldn't really fly, but what he can do is decrypt a hidden container within TrueCrypt and have it seem as though its been decrypted - should fool 80% of the forensic specialists out there.
 
iNvid02 said:
i dont get this, so stuff like truecrypt can be decrypted by the feds etc even with a strong password?

i know you can find out the password if a volume is not unmounted properly but didnt know about this
Click to expand...
the feds just decrypted your surprise
 
What legal issues does claiming you forgot your password create? It's not like they can actually prove the man is lying about such a thing.

On the one hand, one does not want to see scumbags get away with crimes as despicable as what the man is accused of. On the other hand, it does seem unreasonable to expect the man to do the prosecution's job for them. It definitely seems as though the fifth amendment should protect the man from actually having to provide the password.
 
Isn't this more comparable to a search warrant once he is established as having "control" and ownership of the drive?

I say a justice system is deficient if all a criminal has to do is put a hard password on all the incriminating evidence.
 
I'm not sure on this one. If the feds were able, through their own work and investigation, decrypt one drive and found crimes, isn't it reasonable for them to cite probable cause and push for a judge to order the decryption of the other drives?

Seems like that is an important detail in this particular case.
 
Yeah I don't particularly like the fact that they are trying to force this guy to self incriminate. I also hope that they are able to nail him to the wall if he is in fact guilty of having child pornography.
 
Such a weird sentence:

a technology that comes standard even on Apple computers.
Click to expand...

Even on Apples, guys!

I agree that this asshole should be taking the Fifth as though his life depended on it.
 
This is one of those things that's going to be interesting to watch shake out over the next few years. It's always struck me as an area that the criminal justice system is rather ill-equipped to handle.

Stumpokapow said:
What happens if he uses the plausible deniability password instead of the main password?
Click to expand...

It'd be interesting to see what the repercussions would be if he provided a password and the forensic investigators determined that there were still encrypted sectors remaining on the drive. I don't think there's any precedent for a court having to address the existence of a hidden volume or similar on an encrypted drive.
 
The worst thing that can happen is that this will result in a mistrial. But his rights are being infringed upon. I don't see how this isn't an open and shut fifth amendment case. If they already decrypted one hard-drive why do they even need evidence from the others. The one they did decrypt is enough evidence for a jury conviction. It's just stupid on the part of the prosecution.
 
Nappuccino said:
isn't this kinda verging on pleading the fifth?
Click to expand...

It's more like being forced to open a door in your house with evidence behind it. They know it's there, they have a warrant to search it, they just can't get through the door for whatever reason.
 
Affeinvasion said:
The worst thing that can happen is that this will result in a mistrial. But his rights are being infringed upon. I don't see how this isn't an open and shut fifth amendment case. If they already decrypted one hard-drive why do they even need evidence from the others. The one they did decrypt is enough evidence for a jury conviction. It's just stupid on the part of the prosecution.
Click to expand...

because in the article it says that law enforcement decrypted one of the drives and found financial and identification documents linking him to the storage system, which then reversed the judges decision on the matter. previously it was such a case. (Is how I understand the details in the op)
 
ixix said:
This is one of those things that's going to be interesting to watch shake out over the next few years. It's always struck me as an area that the criminal justice system is rather ill-equipped to handle.



It'd be interesting to see what the repercussions would be if he provided a password and the forensic investigators determined that there were still encrypted sectors remaining on the drive. I don't think there's any precedent for a court having to address the existence of a hidden volume or similar on an encrypted drive.
Click to expand...
Wouldn't it be similar to a suspect or person of interest withholding evidence or destroying it knowing full well the court is looking for it?

I think courts usually already have precedent for such a thing.

Also, in this case, it appears investigators were able to decrypt one drive and found child porn. I'd think that gives them leeway to ask a court to order the decryption of the others. But I'm not a constitutional scholar or lawyer.
 
I know you can decrypt a dummy partition with one password and and the real data with another, but my ideal encryption software would have a third password - type it in and it looks like it's extracting but it's actually PGP wiping everything.
 
Deified Data said:
I really hate it when I can totally see how something is an abuse of power on some level and yet still warranted given the context. This is one such scenario.
Click to expand...

Well thats a large part of why we have courts, in theory.

Is there really no precedent in any physical analogue though? No cases in the past with uncrackable unbreakable safes?
 
The fifth amendment issue is as follows: by decrypting a hard drive, the perv would provide the Feds with evidence the hard drives full of illegal porn were his, which would be incriminating.

The Feds now have sufficient convincing evidence, through partial decryption, that the hard drives are his.

Therefor, No more Fifth Amendment issue.

Also, suggesting that a suspect destroy evidence being sought by the Feds is a dumb idea. Willful Spoliation of evidence gives the court the right to assume the evidence is unfavorable to the defendant.
 
GoldenEye 007 said:
Wouldn't it be similar to a suspect or person of interest withholding evidence or destroying it knowing full well the court is looking for it?

I think courts usually already have precedent for such a thing.

Also, in this case, it appears investigators were able to decrypt one drive and found child porn. I'd think that gives them leeway to ask a court to order the decryption of the others. But I'm not a constitutional scholar or lawyer.
Click to expand...

Possibly. But as a matter of practicality the defendant could be like "Oh, I bollocksed up the formatting of the encrypted drive so there's a bunch of garbage that doesn't do anything that I never bothered to remove. My bad!" And there wouldn't be a whole lot of means to prove him wrong. Demonstrating the existence of a hidden volume is possible, but it isn't trivial.

I also wonder if courts in general would be more amenable to a defendant claiming to have stored a keyfile on a USB drive that they subsequently lost than to a claim to have forgotten a password. There's not really a distinction between the excuses technologically speaking, but from the perspective of a court "I lost a thingy containing my password" and "I just plum forgot my password" aren't necessarily identical excuses. It's not directly touted as a form of deniability in the way that hidden volumes are, but the ability to tie decryption of a drive to a physical device is definitely a form of it.

From a purely practical perspective the existence of easy-to-use, ubiquitous strong encryption programs is one of those things that's gonna be messing around with us for a while. I think it's a close second to ubiquitous 3D printers in terms of the amount of havoc it's going to cause in terms of governance.
 
Fusebox said:
I know you can decrypt a dummy partition with one password and and the real data with another, but my ideal encryption software would have a third password - type it in and it looks like it's extracting but it's actually PGP wiping everything.
Click to expand...

I don't think that's possible even in theory.

VanillaCakeIsBurning said:
So what can they do if he just says he forgot the password?

Put him in jail for life?
Click to expand...

Probably find him in contempt of court. I don't think he can be held indefinitely, though. Perhaps a few years.
 
B-Dubs said:
It's more like being forced to open a door in your house with evidence behind it. They know it's there, they have a warrant to search it, they just can't get through the door for whatever reason.
Click to expand...

That's exactly how this would be seen by the courts. If I have a warrant to search your home and you have a room padlocked or a reinforced steel door, they can order you to open it.

Same would apply here. They already have a warrant for the files on the computer, but the lock is too complicated for them open. So the owner can be compelled to unlock the door, so to speak.
 
HeySeuss said:
That's exactly how this would be seen by the courts. If I have a warrant to search your home and you have a room padlocked or a reinforced steel door, they can order you to open it.

Same would apply here. They already have a warrant for the files on the computer, but the lock is too complicated for them open. So the owner can be compelled to unlock the door, so to speak.
Click to expand...

I agree, but I think the argument being presented here is that there is, at least legally, enough doubt about if he owns the drives.
 
The Technomancer said:
Well thats a large part of why we have courts, in theory.

Is there really no precedent in any physical analogue though? No cases in the past with uncrackable unbreakable safes?
Click to expand...

The oft-quoted bit on this point says that compelling someone to produce the key to a strongbox does not violate the Fifth Amendment, but that compelling him to reveal the combination to a safe would, as the latter represents the "contents of his mind" where the former does not. It's from the dissent in a Supreme Court opinion, however, and thus has no precedential value per se.

Regardless, the problem with these analogies in cases like this is that it's rather hard to determine when producing a password is like producing a key and when it's like producing a combination. Thus, different courts come to different conclusions based on similar facts, and will likely continue to do so until the Supreme Court steps in and reconciles its prior Fifth Amendment precedent with the realities of encryption technology.
 
Balphon said:
The oft-quoted bit on this point says that compelling someone to produce the key to a strongbox does not violate the Fifth Amendment, but that compelling him to reveal the combination to a safe would, as the latter represents the "contents of his mind" where the former does not. It's from the dissent in a Supreme Court opinion, however, and thus has no precedential value per se.

Regardless, the problem with these analogies in cases like this is that it's rather hard to determine when producing a password is like producing a key and when it's like producing a combination. Thus, different courts come to different conclusions based on similar facts, and will likely continue to do so until the Supreme Court steps in and reconciles its prior Fifth Amendment precedent with the realities of encryption technology.
Click to expand...

Yeah, this is just weird and kind of dumb to me. Its tying up the intent of a law in the minutiae of the physical nature of the objects, in this case a distinction between different methods of providing "access"
 
I don't have an issue with this. It's akin to asking a suspect to open a locked safe. As long as they have a warrant, nothing is wrong here.

EDIT - I see this has already been covered.
 
The Technomancer said:
Yeah, this is just weird and kind of dumb to me. Its tying up the intent of a law in the minutiae of the physical nature of the objects, in this case a distinction between different methods of providing "access"
Click to expand...

It's certainly a bit of strained reasoning. Still, this specific issue is (to my knowledge, anyway) not something that courts have really had to thoroughly grapple with until relatively recently. In the past, it was generally within the power of law enforcement to simply break into a locked container within a reasonable time if they had cause and opportunity to do so.
 
So what happens if you honestly don't know the password, either it not really being your device to you just plain can't remember.
 
Balphon said:
The oft-quoted bit on this point says that compelling someone to produce the key to a strongbox does not violate the Fifth Amendment, but that compelling him to reveal the combination to a safe would, as the latter represents the "contents of his mind" where the former does not. It's from the dissent in a Supreme Court opinion, however, and thus has no precedential value per se.

Regardless, the problem with these analogies in cases like this is that it's rather hard to determine when producing a password is like producing a key and when it's like producing a combination. Thus, different courts come to different conclusions based on similar facts, and will likely continue to do so until the Supreme Court steps in and reconciles its prior Fifth Amendment precedent with the realities of encryption technology.
Click to expand...

Is he being ordered to produce the key or input it? Because they are very different things.

I am happy to see this ruling, because encryption should not be a fool proof way to conceal evidence. The requirement to prove that the defendant had access to the drive is important and limits the power.
 
Judging from the way the prosecution is pursuing the case, his defense seemingly alleged that the drives weren't necessarily his. Don't know if you can go from "these aren't my drives!" to "oh, those drives, weird! I, uh, forgot the password" in court, but on the face of it looks like he's fucked and backed into a corner.
 
ixix said:
It'd be interesting to see what the repercussions would be if he provided a password and the forensic investigators determined that there were still encrypted sectors remaining on the drive. I don't think there's any precedent for a court having to address the existence of a hidden volume or similar on an encrypted drive.
Click to expand...

You claim to only know the password for the unhidden volume. "What's a hidden volume, your honor?"
 
Cat Party said:
Is he being ordered to produce the key or input it? Because they are very different things.

I am happy to see this ruling, because encryption should not be a fool proof way to conceal evidence. The requirement to prove that the defendant had access to the drive is important and limits the power.
Click to expand...

No idea, but I'm not sure why they would need him to physically input it. I'm not exactly versed in cryptography, though.
 
If he used the publicly unknown encryption scheme that rearranges the data in a way that creates a few actual usable files on top of the "random" encrypted data (which when modified or sometimes even accessed, creates massive errors in the volume), he may have gotten away with it. Or the one that stripes the encrypted data across any number of drives in any number of locations. Or the one with time-limited self-destruct mode. Or installed a battery backup "trip-switch" that will probably delete the data by the time the authorities actually open up the case, initiated by a timer.

The russian botnet billionaire is somehow using quantum entanglement in his experimental system to encrypt, and the most sensitive data has "passwords" that are a series of logical puzzles that require something even beyond a genius level mind to decode. The entire system is a pyramid where every problem has multiple or even infinite solutions. The correct series of answers is based off the topology of very specific multidimensional fractal that he uses to easily find solutions to quantum algorithmic problems. Apparently this method has only 1% space efficiency on the storage medium.

iBSD15y.jpg
 
Balphon said:
No idea, but I'm not sure why they would need him to physically input it. I'm not exactly versed in cryptography, though.
Click to expand...

Giving his password to them is testimonial. Typing it in secretly is arguably not. In the latter example, all he does is give them access.
 
Doesn't that violate the whole 5th Amendment? I mean the guy probably deserves everything that will happen to him, but he should be brought to justice the right way.
 
Status
Not open for further replies.

Similar threads

  • Locked
YouTuber "Mr. Crafty Pants" arrested over Child Porn
10
648
kevboard replied
Collective Shout celebrates Age Verification for porn in Australia: 'For the Children'
Social 
4
329
Banjo64 replied
Michael J Fox reacts to his "Remembrance Obituary" after CNN erroneously posts his death
News Drama Cringe 
25
584
Mr Reasonable replied
Utah woman who wrote a children’s book about dealing with grief after her husband’s death has been sentenced to life in prison for his murder
2
52
479
roosnam1980 replied
Uber Held Liable, Ordered to Pay $8.5 Million in Driver Rape Suit
2
50
958
xrnzaaas replied
Top Bottom