Man Who Refused to Decrypt Hard Drives Still in Prison after Two Years

nutzo said:
We need better encryption software.
Enter the 1st password and you have access to your data.
Enter the special password and everything is automatically wiped except for a special folder you created.
Refuse to give them the password until they threaten you with jail time and then reluctantly give then the "special" password.

That way all they get is some pictures of your car, some game folders, etc. :whistle:
Click to expand...
As I pointed out earlier, the first thing they do is make a copy of the disk and only work with a copy of the disk. The original is never touched.
 
well, he said he forgot the PW. Can't he contact whoever and prove his identity and gain access?
 
ChoGGi said:
Yes I've heard of those hashes, I was just curious about how they found those same hashes on a supposedly encrypted hard drive.
I took another look at the PDF, it seems it's a mac with an encrypted external HDD, so something was stored on the computer itself (apparently by the thousands).


Edit: Reading some more of the PDF; I gotta say fuck him, let him rot...
"Doe and his counsel appeared at the Delaware County Police
Department for the forensic examination of his devices. Doe
produced the Apple iPhone 6 Plus, including the files on the
secret application, in a fully unencrypted state by entering
three separate passwords on the device. The phone contained
adult pornography, a video of Doe’s four-year-old niece in
which she was wearing only her underwear, and
approximately twenty photographs which focused on the
genitals of Doe’s six-year-old niece. "
Click to expand...

This isn't about him. They're doing an endrun around the 5th amendment. Sorry, but this guy is probably a scum bag, but that's besides the point. AFAIK, if you have a coded diary, they can't force you to decode it for htem. That's essentially what this is, IMO (and no I'm not a lawyer).
 
nilepez said:
This isn't about him. They're doing an endrun around the 5th amendment. Sorry, but this guy is probably a scum bag, but that's besides the point. AFAIK, if you have a coded diary, they can't force you to decode it for htem. That's essentially what this is, IMO (and no I'm not a lawyer).
Click to expand...
They are end running the 6th as well. This guy prolly deserves jail time it, but if they can trample his rights and do this to him, they can do it to the rest of us as well. They have enough evidence to make the claim he has CP, then maybe they need to take that evidence to trial. The loophole of not charging him is a BS move.
 
nysmo said:
Well, I'm guessing he has a single computer in his household and they have evidence that it was used up until the day of arrest, so the likelihood of him forgetting is unrealistic. It's like saying you forgot your debit card pin 5 minutes after they have video tape of you using the ATM at the bank. As for uncovering file hashes on an encrypted drive, they simply must not have been encrypted. Either he has a mutli-HD system with an unencrypted OS drive they were able to piece together info from, or he was part of a honeypot sting so they know they sent porn to his IP, or maybe they uncovered something on a thumbdrive and were able to determine that thumb drive was attached to his computer at some point.

I imagine if one of us had our homes raided and they found a 10 year old harddrive collecting dust in a box of junk parts in the attic we could claim we forgot the PW. But the PC sitting in front of your desk in the living room with router logs showing network activity that very day? Yeah not a chance...
Click to expand...

ok, but now it's been 2 years, is it now possible to believe the password is forgotten?
 
nutzo said:
We need better encryption software.
Enter the 1st password and you have access to your data.
Enter the special password and everything is automatically wiped except for a special folder you created.
Refuse to give them the password until they threaten you with jail time and then reluctantly give then the "special" password.

That way all they get is some pictures of your car, some game folders, etc. :whistle:
Click to expand...
And all you get are the additional charges of obstruction of justice and spoliation of evidence...

It's not like they're doing this "live" on your machine, it'll be one of many copies of your drive.
 
Gorankar said:
They are end running the 6th as well. This guy prolly deserves jail time it, but if they can trample his rights and do this to him, they can do it to the rest of us as well. They have enough evidence to make the claim he has CP, then maybe they need to take that evidence to trial. The loophole of not charging him is a BS move.
Click to expand...
Exactly. I believe it's likely the guy is either a pedophile or ephebophile (didn't pay attention to the ages of the niece), but violating constitutional rights is not the way to go.
 
B00nie said:
So if you're an american you better write down your encryption passwords and put them to a safe place lol. Pretty crazy.

Having said that if a child molester sits in jail for dubious reasons it's better than him not staying in jail for legally obstructing the justice.
Click to expand...

AFAIK, you can be compelled to open a safe though ;-). Whether you can be compelled to provide a password/encryption key seems to be split (whether the 5th amendment can be used as a defense, or whether in forgetting a password you can be held in contempt ect). We need a SCOTUS decision. It sucks that the guy in the article probably is guilty so he's not exactly a shining example to SCOTUS on why we need 5th amendment protections to cover passwords though :-/.
 
ChoGGi said:
Yes I've heard of those hashes, I was just curious about how they found those same hashes on a supposedly encrypted hard drive.
I took another look at the PDF, it seems it's a mac with an encrypted external HDD, so something was stored on the computer itself (apparently by the thousands).


Edit: Reading some more of the PDF; I gotta say fuck him, let him rot...
"Doe and his counsel appeared at the Delaware County Police
Department for the forensic examination of his devices. Doe
produced the Apple iPhone 6 Plus, including the files on the
secret application, in a fully unencrypted state by entering
three separate passwords on the device. The phone contained
adult pornography, a video of Doe’s four-year-old niece in
which she was wearing only her underwear, and
approximately twenty photographs which focused on the
genitals of Doe’s six-year-old niece. "
Click to expand...

Fine jail him for the above. But its complete and utter bull shit to jail him for the things he "may" have on the encrypted hard drive.
 
The sad part of this is that it will require the SCOTUS to be resolved.

If neither is backing off then he is the only loser till a decision is reached. It's still a 50/50 shot for him as well.

Not looking at what he has been accused of both seem to be playing the loophole game. Sucks to be this guy at this point though. Open it and possibly incriminate Himself or sit in jail as guilty for not possibly incriminating himself...
 
Gavv said:
The sad part of this is that it will require the SCOTUS to be resolved.

If neither is backing off then he is the only loser till a decision is reached. It's still a 50/50 shot for him as well.

Not looking at what he has been accused of both seem to be playing the loophole game. Sucks to be this guy at this point though. Open it and possibly incriminate Himself or sit in jail as guilty for not possibly incriminating himself...
Click to expand...

When you are arrested for child porn (sure, not charged, but they do have evidence) and they find you have pictures on your phone and have hashes going to your computer matching known porn images AND you won't unlock a hard drive for them... That is pretty damning in itself. I figure he must have a real fucking doosy on that hard drive.
 
Gorankar said:
They are end running the 6th as well. This guy prolly deserves jail time it, but if they can trample his rights and do this to him, they can do it to the rest of us as well. They have enough evidence to make the claim he has CP, then maybe they need to take that evidence to trial. The loophole of not charging him is a BS move.
Click to expand...
And that's the crux of it.. i mean its that really it or are we missing something? Such a loophole if allowed could be used for anything: we think you murdered you neighbor... Where is the body? .. I don't know anything about any body... Well sir you are obstructing justice indefinite jail for you... No rights available because we are not charging you with murder at the moment. I know its absurd, but is it technically different though? The bar for obstruction being self incrimination sounds a bit crazy I guess the goal is to end encryption as potential protection from this case on.
 
Last edited:
Either the guy is truly an idiot and did nothing wrong or he is concealing child porn. The prosecutor needs to charge the guy with child porn and then prove that he is guilty in a court of law. If they can't do that with what they have now, they need to let him go. Personally I would rather have a guilty man walk free than an innocent man rot in prison.
 
auntjemima said:
When you are arrested for child porn (sure, not charged, but they do have evidence) and they find you have pictures on your phone and have hashes going to your computer matching known porn images AND you won't unlock a hard drive for them... That is pretty damning in itself. I figure he must have a real fucking doosy on that hard drive.
Click to expand...

People get arrested all the time. People are also found not guilty as well.

I know, I know... Court of public opinion always says you're guilty if a person has anything to do with it....

That's why I would want to look past all the charges and take that portion out of it.

He is damned if he does and damned if he doesn't.... But on one side he at least has a 50/50 chance of possibly surviving.

Now ... Can you say that in every application compelling a person to open something like that is the right one?
 
If the drive is encrypted, then the hashes computed would be for the encrypted data. Either that, or the hashes were computed before the data was hashed.
 
[21CW]killerofall said:
Either the guy is truly an idiot and did nothing wrong or he is concealing child porn. The prosecutor needs to charge the guy with child porn and then prove that he is guilty in a court of law. If they can't do that with what they have now, they need to let him go. Personally I would rather have a guilty man walk free than an innocent man rot in prison.
Click to expand...

^This. It's more important to protect innocence than it is to punish guilt. Also, the idea that the standard bar for obstruction would include self incrimination is ludicrous and that's essentially what this is. Yeah the guy is most likely guilty, but sometimes the ends (keeping the guy in prison in this case) don't justify the means when it means trampling everyone's rights.
 
wolfofone said:
AFAIK, you can be compelled to open a safe though ;-). Whether you can be compelled to provide a password/encryption key seems to be split (whether the 5th amendment can be used as a defense, or whether in forgetting a password you can be held in contempt ect). We need a SCOTUS decision. It sucks that the guy in the article probably is guilty so he's not exactly a shining example to SCOTUS on why we need 5th amendment protections to cover passwords though :-/.
Click to expand...

Well, maybe you can be compelled to open a combination safe. It's actually an open question. The specific examples of producing a key versus being compelled to reveal a combination have been used in a few different opinions, but only to explain other reasoning and not as the actual matter of the case. However, as it's been in more than one opinion that there's a distinction there that is important and has Constitutional implications, it's something that the court has considered. The real question is if they'd look at a password the same way. I suggest that they would,or at least should, and that this stance is intended (or at least not ruled against) in the Bill of Rights. While the founders certainly didn't have a copy of TrueCrypt laying around, they would all be familiar with the concept of coded messages and encrypted communications. They didn't make any explicit carve-out for forcing people to reveal an encryption code then, so I don't think it's a great starting place to assume that it shouldn't be protected.
 
speaking of things done against the law, how about the video where someone tried to ram the Presidents car while driving on a road in MO? Amazing that this video was never put on TV, at least I never saw it on the news. I bet they're going to be doing some serious prison time if convicted (and IMO they will be since it's on video)
 
Last edited:
As I read it this opens up a whole can of worms...
There's a huge difference between deliberately refusing to cooperate and simply being unable to do so. This far I've seen no proof that the guy know his password.
I know for sure that I can't remember a password that's been set once and then never used in several months. That was a real PITA for me when I was at the university and was required to pick a new password every single time I logged in to our student network (at about three month intervals)...
 
Olle P said:
As I read it this opens up a whole can of worms...
There's a huge difference between deliberately refusing to cooperate and simply being unable to do so. This far I've seen no proof that the guy know his password.
I know for sure that I can't remember a password that's been set once and then never used in several months. That was a real PITA for me when I was at the university and was required to pick a new password every single time I logged in to our student network (at about three month intervals)...
Click to expand...

Out of curiosity: I disagree with your statement their is a huge difference between deliberately refusing to cooperate and being unable to do so. You have no legal requirement to cooperate. I know there is in some places like the UK but their isn't here. Given that context what is the difference?
 
Romale23 said:
Out of curiosity: I disagree with your statement their is a huge difference between deliberately refusing to cooperate and being unable to do so. You have no legal requirement to cooperate. I know there is in some places like the UK but their isn't here. Given that context what is the difference?
Click to expand...

That's actually the centerpoint of this whole issue. *DO* you have a legal duty to cooperate in providing a password? There's no directly-controlling ruling from the Supreme Court, so it's impossible to say with any certainty. However, whether you do or don't, holding a dude in jail (no matter how scummy he sounds) on a technicality that may be Constitutionally-protected is a bullshit move. They should expedite this up to the SC for a ruling, and the guy shouldn't be in prison while it's pending. I'd rather some asshole stay free for a while and protect the rule of law for everyone than to bend the rules because he "deserves it." They need to either charge the guy or cut him loose, this is a travesty of justice.
 
Zepher said:
aren't you supposed to be innocent till proven guilty? they have no proof yet, so he is technically innocent till they get the proof showing that he is guilty.
Click to expand...

Saw this comment, immediately this sprang to mind. :D

 
Zepher said:
aren't you supposed to be innocent till proven guilty? they have no proof yet, so he is technically innocent till they get the proof showing that he is guilty.
Click to expand...

His crime is interfering with the investigation. So proving guilt of that would not be hard.

The real lesson here is that your answer regarding encrypted stuff should be.. fuck.. I don't know what that is, I must have been hacked.
 
I used to make encrypted folders about once a week. Dumped them and moved on.

I need to get rid of all my memory cards like yesterday.
 
_l_ said:
speaking of things done against the law, how about the video where someone tried to ram the Presidents car while driving on a road in MO? Amazing that this video was never put on TV, at least I never saw it on the news. I bet they're going to be doing some serious prison time if convicted (and IMO they will be since it's on video)
Click to expand...
Turned out to be a mechanical failure. However the media and their cabbage like followers are unhinged when it comes to Trump, they don't want to show anything that might evoke sympathy or concern.
 
AaronGant said:
ok, but now it's been 2 years, is it now possible to believe the password is forgotten?
Click to expand...

Assuming he knew the password to begin with, I'd think that being in jail for two years for not producing it would have burned it into his brain knowing that it is the key to his freedom... or some long-time Bubba butt-lovin'.
 
AltreineirialX said:
If the drive is encrypted, then the hashes computed would be for the encrypted data. Either that, or the hashes were computed before the data was hashed.
Click to expand...
I would assume the file is hashed, then encrypted. Then when decrypted, the hash is checked for file integrity (tampering or corruption). But when you have more bits than the hash. It's impossible for the hash to be unique.
 
jpm100 said:
I would assume the file is hashed, then encrypted. Then when decrypted, the hash is checked for file integrity (tampering or corruption). But when you have more bits than the hash. It's impossible for the hash to be unique.
Click to expand...

It very, very unlikely that two files with real and meaning data would ever hash to the same value, even less so for two files of the same size.
 
ryan_975 said:
It very, very unlikely that two files with real and meaning data would ever hash to the same value, even less so for two files of the same size.
Click to expand...
I bet you can get a picture of a dog and a cat and if you eff with the cat photo in a non-visible way (think watermark) it will give the same hash as the dog. Then show that in a courtroom of non-techie people. You totally destroy the hash as evidence.

Like I said more bits than the hash, its impossible for the hash value to be unique. You could simply switch on/off the least significant bits for various RGB values until you made it match. Most people wouldn't notice the effect of a LSB change unless the bit depth was really low.
 
jpm100 said:
I bet you can get a picture of a dog and a cat and if you eff with the cat photo in a non-visible way (think watermark) it will give the same hash as the dog. Then show that in a courtroom of non-techie people. You totally destroy the hash as evidence.

Like I said more bits than the hash, its impossible for the hash value to be unique. You could simply switch on/off the least significant bits for various RGB values until you made it match. Most people wouldn't notice the effect of a LSB change unless the bit depth was really low.
Click to expand...

That's not how (modern) hashing algorithms work. If you change one bit in the source, it alters every thing downstream of it so that you end up with a completely different hash value. Additionally, a strong algorithm is not easily reversed to know how changes will the effect the final hash value. And by easily, I mean achievable within the expected lifetime of the universe. So finding two random files with the exact same hash value is hard enough; finding two that have meaningful data with one of those files being predetermined AND have matching file sizes... it's not going to happen.
 
ryan_975 said:
That's not how (modern) hashing algorithms work. If you change one bit in the source, it alters every thing downstream of it so that you end up with a completely different hash value. Additionally, a strong algorithm is not easily reversed to know how changes will the effect the final hash value. And by easily, I mean achievable within the expected lifetime of the universe. So finding two random files with the exact same hash value is hard enough; finding two that have meaningful data with one of those files being predetermined AND have matching file sizes... it's not going to happen.
Click to expand...
Say I have 160,000 pixel picture. Say I just toggle the least significant bits of all 3 colors. That's 480,000 bits that can be manipulated and just look like noise at worst, invisible at best.

Lucky if an integrity checking has is 40 bits.

2^40 = number of possible hash combinations
2^(480,000) = number of possible imperceptible tweaks each with a chance to create a matching hash.

If you can fathom the second number at all, you know the hash will lose.
 
The problem is you have to *compute* the hash value of those 2^480,000 variations until you find a collision. Is it possible? Yup. Is it likely? Probably not. It really depends on what algorithm they're using in their hashes. If it's MD5 (which was, the last time I used them, an option in both FTK and Encase which were likely platforms for this analysis), then it isn't really outside the realm of possibility that you could do so. If it's SHA-1, Google demonstrated the first collision attack that demonstrates what you're suggesting occur a few months ago. It took 110 years of GPU time to generate a collision that matched their original input.

In any case, a decent lawyer for the Feds won't let that argument run in court. The standard is beyond a reasonable doubt. While you can certainly generate an MD5 collision on purpose, the chances of this randomly occurring are far, far beyond "reasonable doubt."
 
Paladin21 said:
The problem is you have to *compute* the hash value of those 2^480,000 variations until you find a collision. Is it possible? Yup. Is it likely? Probably not. It really depends on what algorithm they're using in their hashes. If it's MD5 (which was, the last time I used them, an option in both FTK and Encase which were likely platforms for this analysis), then it isn't really outside the realm of possibility that you could do so. If it's SHA-1, Google demonstrated the first collision attack that demonstrates what you're suggesting occur a few months ago. It took 110 years of GPU time to generate a collision that matched their original input.

In any case, a decent lawyer for the Feds won't let that argument run in court. The standard is beyond a reasonable doubt. While you can certainly generate an MD5 collision on purpose, the chances of this randomly occurring are far, far beyond "reasonable doubt."
Click to expand...

Even then, all of those proven attacks are for collision attacks (finding two independent sets of data that happen to have the same hash values). What we're talking about here is a constrained pre-image attack (finding data that hashes to an already known value); that's orders of magnitude more difficult.
 
The Google attack on SHA-1 was exactly that (though it appears to only work if the JPEGs are inside a PDF, because they leverage the PDF file structure to make the computations easier,and so almost certainly doesn't apply here). However, I can't imagine some dude who can't get attorneys good enough to spring him from jail after two years on a BS technicality could afford to rent enough server time to do anything about it. I think you'd have to actually brute force it for a raw JPEG, or at least I've seen no suggestion that there's any other approach to this. Pre-image is something like 2^123 in a best-case search, so certainly within the suggested 2^480,000 (lol) options available in the suggestion by jpm100. Unless you got exceptionally lucky (I mean, the math says hell no, but people still win the lottery...though this is much, much harder than that too), the guy will be long dead and gone before you come up with an answer.
 
You must log in or register to reply here.
Back
Top