Man Who Refused to Decrypt Hard Drives Still in Prison after Two Years

Megalith

A man sent to prison in 2015 is still doing time because he refuses to decrypt a hard drive that was found in his home during a child abuse investigation: Francis Rawls claimed he forgot the password of the encrypted Apple FileVault system, entering three incorrect passwords when questioned by investigators. While Rawls’ team has continued to file appeals, legislation dictates that US citizens must aid any law enforcement investigation.

The suspect appealed the indefinite prison sentence twice, but both appeals failed. His lawyers tried to argue that holding him breaches his Fifth Amendment right to not incriminate himself, but appeal judges did not see it that way. Judges pointed out that the Fifth Amendment only applies to witnesses and that the prosecutors didn't call him as a witness but only made a request for him to unlock his device, hence Fifth Amendment protections did not apply.
 
Aren't you supposed to be innocent till proven guilty? They have no proof yet, so he is technically innocent till they get the proof showing that he is guilty.

The issue that disturbs me is that there are scenarios that you *would* forget the encryption key. I probably have some encrypted drives lying around that I haven't accessed in years because they're redundant, and thus since they're not important, I wouldn't recall the encryption key as I'd just format them. It would suck to have my house raided and be put in prison indefinitely because of it.

What really sucks is that he likely hasn't been brought to trial, so this may be a contempt of court holding. If it is, he may not get time-served credit.

The whole being compelled to reveal an encryption key thing needs a SCOTUS judgement. Some law scholars argue it is fifth protected, others say it is not (like this judge).
 
I forget my email passwords all the time.... the ones for my spam accounts

I always have to request a password reset.

So I'd be fucked if I couldn't decrypt my hard drive.

The dude probably does have a bunch of child porn on there, but what about the rest of us who are innocent? Can't the NSA crack this shit with their ubercomputers?
 
This case is super fucked because it makes me want to make excuses for a chomo. I hate this case.
 
I forget my email passwords all the time.... the ones for my spam accounts

I always have to request a password reset.

So I'd be fucked if I couldn't decrypt my hard drive.

The dude probably does have a bunch of child porn on there, but what about the rest of us who are innocent? Can't the NSA crack this shit with their ubercomputers?


This is me all the time.

They should have done a better job getting evidence on this guy if he was being suspected of child abuse...then shot if found guilty. It's the only time I think justice should be so severe, when it involves children. Why is their entire case seemingly based on these drives? Shoddy detective work I assume but I'm no detective so it's all subjective I guess. The only good thing maybe is, if he is guilty at least he's locked up...and maybe that's the real point with the courts...scary how our justice system works sometimes. Not sure what the clear right answer is on this, if there is one.
 
I've never understood this case, but maybe it's shitty reporting. The articles on it always say some close variation of "content on the encrypted drive matches file hashes of child porn." If the drive is encrypted, how the hell can they talk about hashes of files on it? If they have that sort of evidence, what need have they of the password? If they don't have that sort of evidence, then they need to stop claiming that they know what's on the drive because they don't, they only suspect.

Also, it's complete and total bullshit in the way they've structured the guy's case. If they had charged him with child porn, he wouldn't have to provide them any information. Instead, they got the judge to issue an order to unlock the drive to "aid their investigation" and then charged him with failing to obey a court order. It's either Constitutional or not, there shouldn't be any "legal trickery" (as this article calls it) that allows you to sidestep the issue. You either have rights, or you don't. If they're only applicable when the court feels like letting you have them, they aren't rights at all, only privileges.
 
This is why you use a hidden volume.
... yeah about that. Computer forensics do not take a drive, plug it into Windows and say "oh I can't see anything, guess there's no data here". That's about as far from how it really happens as possible.

When the drive is tested the first thing they do is make a raw copy of the disk which would expose any data, even if random garbage. Plus, knowing this type of tech exists, if the FBI thinks they find some person with child porn but their encrypted drives only have grandma's chocolate chip cookie recipe, they might be a little suspicious.

That said, I do agree with the person who said that if they actually did forget the password, how can you be punished for that? However, the guy is probably guilty because I doubt he would be doing this just to set a precedent of establishing people's rights.
 
You know, even if he did remember it back then, 2 years later he may not. Do they have any evidence that he actually remembers the password? I know I have forgotten passwords.
 
This is like the ACLU's wheelhouse, where the fuck are they?
They've filed amicus briefs supporting the guy, as has the EFF. This is a bullshit case. The guy may be a scumbag, but even scumbags have constitutional rights and this is clearly an end run around the 5th amendment. Today it's an alleged child abuser. Tomorrow it may be about your political conversations with someone else.

This is basically the government saying, we think he's a criminal, but one smart enough not to get caught. And given that the ONLY reason they want him to unlock it is because they think he's guilty, it's insane that he's being compelled to waive his 5th amendment rights.
 
Except that you may have legitimately forgotten a password for anything you ever created a password for. And when the police demand you remember it, and you can't, you're jailed for life.

So? Nothing in my comment even touched upon that.
 
... yeah about that. Computer forensics do not take a drive, plug it into Windows and say "oh I can't see anything, guess there's no data here". That's about as far from how it really happens as possible.

When the drive is tested the first thing they do is make a raw copy of the disk which would expose any data, even if random garbage. Plus, knowing this type of tech exists, if the FBI thinks they find some person with child porn but their encrypted drives only have grandma's chocolate chip cookie recipe, they might be a little suspicious.

That said, I do agree with the person who said that if they actually did forget the password, how can you be punished for that? However, the guy is probably guilty because I doubt he would be doing this just to set a precedent of establishing people's rights.

It's common practice among "those who know" to have nested encrypted volumes so you're capable of giving them a key to an encrypted top-level volume that holds little to no value. The FBI is "aware" of a lot of things, that doesn't make them omniscient with endless resources. If you happen to forget the password to your primary volume (or a volume which has something you consider valuable), then you're a moron and not a criminal, but that's irrelevant. I'm all for rights but simultaneously you need to encourage individual responsibility to some degree.
 
"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content [source, page 5]."
Not exactly what I'd call an encrypted hard drive...

The cite from the PDF is "The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash” values to be child pornography."
Anyone know where they're getting these hashes from, or is this just a warning not to use Apple FileVault for anything you don't want law enforcement knowing about?
 
"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content [source, page 5]."
Not exactly what I'd call an encrypted hard drive...

The cite from the PDF is "The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash” values to be child pornography."
Anyone know where they're getting these hashes from, or is this just a warning not to use Apple FileVault for anything you don't want law enforcement knowing about?
Only thing I can think of is the encryption he was using did not use his key for file integrity checking. The integrity hash must have been stored in the metadata unencrypted.
 
OK, so I work in IT and have to juggle about 10 different passwords in my brain-bag on a daily basis. That's just work. Now when I get home I might have 10-20 more, depending on what I'm doing on a daily basis. Forum passwords, etc.

Is it possible this guy doesn't remember a password? Hell yes it is.
 
I forget my email passwords all the time.... the ones for my spam accounts

I always have to request a password reset.

So I'd be fucked if I couldn't decrypt my hard drive.

The dude probably does have a bunch of child porn on there, but what about the rest of us who are innocent? Can't the NSA crack this shit with their ubercomputers?

This.
I think much like 'regular deletion of emails to clean storage space etc' if you can prove a past precedent for not remembering passwords/having to reset them (on a service which cannot be reset like this) you might have a case. I certainly would.

As I get older, the more complicated and varied passwords for all the stupid shit I have them for gets harder to remember and I do more resets.
 
OK, so I work in IT and have to juggle about 10 different passwords in my brain-bag on a daily basis. That's just work. Now when I get home I might have 10-20 more, depending on what I'm doing on a daily basis. Forum passwords, etc.

Is it possible this guy doesn't remember a password? Hell yes it is.
Well, I'm guessing he has a single computer in his household and they have evidence that it was used up until the day of arrest, so the likelihood of him forgetting is unrealistic. It's like saying you forgot your debit card PIN 5 minutes after they have video tape of you using the ATM at the bank. As for uncovering file hashes on an encrypted drive, they simply must not have been encrypted. Either he has a multi-HD system with an unencrypted OS drive they were able to piece together info from, or he was part of a honeypot sting so they know they sent porn to his IP, or maybe they uncovered something on a thumb drive and were able to determine that thumb drive was attached to his computer at some point.

I imagine if one of us had our homes raided and they found a 10 year old harddrive collecting dust in a box of junk parts in the attic we could claim we forgot the PW. But the PC sitting in front of your desk in the living room with router logs showing network activity that very day? Yeah not a chance...
 
Except that you may have legitimately forgotten a password for anything you ever created a password for. And when the police demand you remember it, and you can't, you're jailed for life.

So if you're an American you better write down your encryption passwords and put them in a safe place lol. Pretty crazy.

Having said that if a child molester sits in jail for dubious reasons it's better than him not staying in jail for legally obstructing the justice.
 
We need better encryption software.
Enter the 1st password and you have access to your data.
Enter the special password and everything is automatically wiped except for a special folder you created.
Refuse to give them the password until they threaten you with jail time and then reluctantly give them the "special" password.

That way all they get is some pictures of your car, some game folders, etc. :whistle:
 
If they have enough evidence to convict then they should go ahead and do so. They can't prove he did not forget the password, and even if he did, and does still remember it 2 years later, it is obvious he is not going to fess up to that. If he is not talking and you can't prove it, it is time to set him free. Find another way to get him if he is actually guilty.

Regardless of the veracity of the claim, it seems to be frighteningly easy to simply disregard the rights of a person that is accused of "child porn". Actually, the moment you bring it up, feelings seem to take over and reason gets tossed out the window by many. Guilt typically becomes assumed, and the burden to prove innocence reaches near impossible levels.

Exchange child abuse/porn for almost anything else, like, say, tax evasion, and people's response to violations of rights changes. The law is supposed to protect the least of us, because you never know when the criteria for that will change and include you.
 
So he has no rights because he is not charged with the crime yet, but he can be accused of hindering the investigation against.. himself? But there is no right to remain silent because he's not charged?... Any lawyers here that can defend this? I mean if cooperation in finding a crime where none is found yet... = self incrimination do still have to cooperate and it's a crime if you don't?
So yeah as posted already this seems perfect to use for anything.
However there has to be validity to what is done.. because seems pretty bad from a distance... Then again hard cases make bad laws.
 
So he has no rights because he is not charged with the crime yet, but he can be accused of hindering the investigation against.. himself? But there is no right to remain silent because he's not charged?... Any lawyers here that can defend this? I mean if cooperation in finding a crime where none is found yet... = self incrimination do still have to cooperate and it's a crime if you don't?
So yeah as posted already this seems perfect to use for anything.
However there has to be validity to what is done.. because seems pretty bad from a distance... Then again hard cases make bad laws.

Wouldn't surprise me if this ended with a $$$$$$$ settlement due to violation of his constitutional rights.
 
We need better encryption software.
Enter the 1st password and you have access to your data.
Enter the special password and everything is automatically wiped except for a special folder you created.
Refuse to give them the password until they threaten you with jail time and then reluctantly give them the "special" password.

That way all they get is some pictures of your car, some game folders, etc. :whistle:

That's neat.
Now to develop it without them knowing...
 
We need better encryption software.
Enter the 1st password and you have access to your data.
Enter the special password and everything is automatically wiped except for a special folder you created.
Refuse to give them the password until they threaten you with jail time and then reluctantly give them the "special" password.

That way all they get is some pictures of your car, some game folders, etc. :whistle:

This exists, TrueCrypt calls it IIRC a hidden container. So, two passwords, two sets of files.
 
So he has no rights because he is not charged with the crime yet, but he can be accused of hindering the investigation against.. himself? But there is no right to remain silent because he's not charged?... Any lawyers here that can defend this? I mean if cooperation in finding a crime where none is found yet... = self incrimination do still have to cooperate and it's a crime if you don't?
So yeah as posted already this seems perfect to use for anything.
However there has to be validity to what is done.. because seems pretty bad from a distance... Then again hard cases make bad laws.
The 5th amendment is more of a pre-9/11 thing.
 
Correct me if I'm wrong, but this guy is in the hoosegow for refusing to comply with a search warrant. Something anyone can go to the joint for, it's been that way since forever.

If the police have a warrant to search your house, putting a concrete sarcophagus around it to hide your wife's body is illegal. That's called obstructing justice.

This dude is not a hero, he's found a way to lock up evidence to obstruct justice. The American fifth amendment does not cover hiding the people's bodies in increasingly clever ways, it covers admitting you killed them.

I'm pretty sure concealing or destroying evidence is not a constitutional right.
 
"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content [source, page 5]."
Not exactly what I'd call an encrypted hard drive...

The cite from the PDF is "The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash” values to be child pornography."
Anyone know where they're getting these hashes from, or is this just a warning not to use Apple FileVault for anything you don't want law enforcement knowing about?

These hashes are created and shared by Microsoft with Interpol, FBI, NSA etc.
 
Even if guilty (probably from the hashes matching), the guy stands to gain everything from just never admitting it. Would you rather stay in jail for not complying with police or for child porn?
 
"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content [source, page 5]."
Not exactly what I'd call an encrypted hard drive...

The cite from the PDF is "The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash” values to be child pornography."
Anyone know where they're getting these hashes from, or is this just a warning not to use Apple FileVault for anything you don't want law enforcement knowing about?
Probably a file-by-file integrity hash. From other copies from other people, they have what the integrity hash would be. OTOH, if the hashed file has more bits than the hash, the hash is no longer unique. This is why they still need to decrypt them.
 
These hashes are created and shared by Microsoft with Interpol, FBI, NSA etc.
Yes I've heard of those hashes, I was just curious about how they found those same hashes on a supposedly encrypted hard drive.
I took another look at the PDF, it seems it's a Mac with an encrypted external HDD, so something was stored on the computer itself (apparently by the thousands).


Edit: Reading some more of the PDF; I gotta say fuck him, let him rot...
"Doe and his counsel appeared at the Delaware County Police Department for the forensic examination of his devices. Doe produced the Apple iPhone 6 Plus, including the files on the secret application, in a fully unencrypted state by entering three separate passwords on the device. The phone contained adult pornography, a video of Doe’s four-year-old niece in which she was wearing only her underwear, and approximately twenty photographs which focused on the genitals of Doe’s six-year-old niece."
 
I hope he spends a hell of a lot of time suffering.

I was able to attend a cyber security seminar in Redmond which was really neat. They talked about the hashes and how they build them, segmenting the pictures and applying 100's of filters, then deleting the raw. Despite the shade thrown, they are doing some good things.
 