'Sorry, I've Forgotten my Decryption Password' is Contempt of Court

Discussion in '[H]ard|OCP Front Page News' started by Zarathustra[H], Mar 20, 2017.

  1. Zarathustra[H]

    Zarathustra[H] Pick your own.....you deserve it.

    Messages:
    23,177
    Joined:
    Oct 29, 2000
    The Register is reporting that the U.S. Third Circuit Court of Appeals today upheld a lower court ruling in which a man suspected of concealing child pornography was held in contempt after failing to successfully provide his decryption passwords for his external hard drives. This legal decision is somewhat controversial as many, including the EFF, believe that the forced disclosure of the contents of one's mind runs afoul of the 5th amendment.

    It will be interesting to see if this case makes its way to the Supreme Court, and how it might rule.

    Others take issue with the idea that technology might be allowed to trump legal process. In a 2015 California Law Review article arguing that forced decryption is necessary to balance individual rights and government power, Dan Terzian, presently an associate at Duane Morris LLP, argues that the EFF's view is too expansive.

    "Scores of companies now encrypt their data," Terzian wrote. "In the EFF’s alternate universe, these companies are effectively immune from discovery and subpoenas."
     
  2. jpm100

    jpm100 [H]ardness Supreme

    Messages:
    6,591
    Joined:
    Oct 31, 2004
    It's not an accident they waited for a child porn case to do this. Kind of tired of being manipulated.
     
  3. Darunion

    Darunion Chin Poon Specialist

    Messages:
    2,632
    Joined:
    Oct 6, 2010
    We all knew it would be a 'what about the children!?' case that would go down this road, always is. Rape or murder cases, not so much, as those are considered lesser crimes by the public.

    Never did make sense to me. I can go look at pictures of corpses, videos of murders or executions. But if I look at pics of naked kids, that is jailtime and listed for life. Not arguing that crimes against children aren't horrible, but it is the only offense that you are not allowed to see photos of, unless your job is to look at those photos lol.
     
    Xinmosni, Xaeos, Revdarian and 2 others like this.
  4. Damar

    Damar [H]ardness Supreme

    Messages:
    4,165
    Joined:
    Jun 20, 2004
    Technology has leapfrogged past the legal ability to handle it, and that likely isn't going to be remedied any time soon.

    This will easily end up at the Supreme Court, but who knows if they'll take the case.
     
    sboucher likes this.
  5. Kalabalana

    Kalabalana [H]ard|Gawd

    Messages:
    1,210
    Joined:
    Aug 18, 2005
    If something doesn't make sense, think more.
     
    c3k and homernoy like this.
  6. Extra-Titanian

    Extra-Titanian [H]ard|Gawd

    Messages:
    1,531
    Joined:
    Sep 21, 2009
    What if he like, actually doesn't remember? He just sits in a cell until he remembers that his password is GZNyS^pXW3q6mY&K6W6RS3Ym%1TpBsoIVmY%Gp&22J?
     
    Xinmosni, GoldenTiger, Xaeos and 8 others like this.
  7. gxp500

    gxp500 Limp Gawd

    Messages:
    473
    Joined:
    Mar 4, 2015
    His password is probably 12345
     
  8. Semantics

    Semantics 2[H]4U

    Messages:
    3,096
    Joined:
    May 18, 2010
    It is interesting given currently passwords for the most part are not contempt of court, as a court can order you to provide a key to a safe but can't order you to provide the combo to a safe.
     
  9. U-238

    U-238 [H]Lite

    Messages:
    121
    Joined:
    Aug 14, 2008
    If the guy had said photos locked up in a safe, and only he knew the combination and conveniently "forgot" that combination, the court could/would do the same thing (contempt).

    As long as there's a proper search warrant and the content(s) being searched for can reasonably be presumed to be in a safe (and the contents of the safe are covered by the warrant), it's fair game for a search. You're not obligated to divulge the combination to open it (5th amendment) but it can be opened by any means necessary without you revealing that combination.

    A password protected (or encrypted) device can be considered much the same as a safe. I don't really see an issue here. As long as proper evidence gathering procedures are followed (you have a warrant and that warrant covers getting into the device to obtain evidence) there really shouldn't be any difference between this and a case from say... 60 years ago.

    Same shit, different day & age.
     
    Mong00se and sboucher like this.
  10. Dead Parrot

    Dead Parrot [H]ard|Gawd

    Messages:
    1,080
    Joined:
    Mar 4, 2013
    It is all about what agenda the government is interested in pressing. IMO, it ISN'T child porn but wanting to set a nation wide legal precedent about encryption passwords. Keep in mind, this same government declined to pursue a child porn case when they would have been required to reveal surveillance techniques used on common citizens. They are hoping that in this case, child porn will make the courts more likely to rule in the government's favor.
     
  11. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    8,534
    Joined:
    Jul 16, 2008

    So you have seen other cases where the question of whether or not to compel a defendant to present a password was in question and the prosecution had compelling evidence that the evidence they are seeking is in the password protected device?

    That is part of the process, they must have evidence that more evidence is in the device they are seeking access to.

    In this case, they already had the computer unlocked which had logs saying the files were transferred to an external device and that the filenames were known filenames of child porn images.

    Evidence from one device is pointing to more evidence on another.
    Furthermore they have sworn testimony that the defendant had these files on his computer system.
    Now I am not saying that forcing someone to give up a password is the new good thing to do. But in a case like this, I think the Judge is correct and I do not see that the average case that came up in the past was anything at all like this one.

    I don't think your comment is justified in this case. But that's me, if you read what I wrote and still think your comment is good so be it. You don't have to agree with me, it's just a discussion.
     
  12. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    8,534
    Joined:
    Jul 16, 2008
    I don't think they will hear it at all, in fact, I don't think it'll even get close. Not with the sworn testimony of the man's own sister.
     
    fadedlogic likes this.
  13. shad0w4life

    shad0w4life Gawd

    Messages:
    565
    Joined:
    Jun 30, 2008
    Hopefully they can find a way to release the guy, see if he does access the drive (or destroys it) then throw the book at him.

    Darunion it's not nekkid pictures of kids.... That someone took as a family photo. Google the 4 year old they saved by identifying a chip bag that was exclusive to a specific country. It's things like people letting strangers crawl into their kid's bed in exchange for money / other people's kids etc.
    Really really horrible things to the point I think skinning them and keeping them alive is acceptable.

    Just tell the guy if it's NOT what you are being prosecuted for they can't charge him
     
  14. Romeomium

    Romeomium Limp Gawd

    Messages:
    206
    Joined:
    Feb 9, 2017
    That's the same password I have on my luggage!
     
  15. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    8,534
    Joined:
    Jul 16, 2008

    Amazing

    It's my pin for my sex toy ...... I have to keep it simple cause when the little head is doing all the thinking ...............................
     
  16. Shotglass01

    Shotglass01 [H]ard|Gawd

    Messages:
    1,777
    Joined:
    Aug 26, 2005
    In legal theory, I get what you're saying, but I can't agree with it. Typically, this won't really be an issue because a defendant would probably be able to unlock said device/drive. But say said defendant is locked up, other prisoners decide to take out some vigilante justice, or maybe he just has an accident while in prison, and literally has damage to the brain such that he really cannot remember. I'd say whatever was encrypted is likely to stay that way no matter what a court wants. I also expect the odds of that happening to be extremely small, if ever, but could be exploited. Wouldn't take much to pay a guy off to whack the back of your head against some concrete in a fake fight, and boom, instant amnesia.
     
  17. TwistedAegis

    TwistedAegis [H]ardForum Junkie

    Messages:
    8,804
    Joined:
    Oct 7, 2009
    But how do you balance the rule of law vs 5th amendment? As the article notes, does the act of encrypting something now mean it is entirely immune from discovery from the law? Seems like a pretty simple way to unbalance things.

    I'm not sure of the right answer, TBH.
     
    lcpiper likes this.
  18. Lith1um

    Lith1um 2[H]4U

    Messages:
    3,302
    Joined:
    Aug 3, 2004
    For 20 years the launch codes of every US Minuteman Silo was a string of 8 zeroes. 00000000
     
    Revdarian likes this.
  19. DrLobotomy

    DrLobotomy [H]ardness Supreme

    Messages:
    5,041
    Joined:
    May 19, 2016
    I thought you could not be compelled to incriminate yourself. Giving up the password would do that.

    Tell them to go do some more police work and evidence gathering.
     
    Madoc and sleepeeg3 like this.
  20. Galvin

    Galvin 2[H]4U

    Messages:
    2,116
    Joined:
    Jan 22, 2002
    Police just need to find leverage
     
    Extra-Titanian likes this.
  21. Extra-Titanian

    Extra-Titanian [H]ard|Gawd

    Messages:
    1,531
    Joined:
    Sep 21, 2009
    Or a rubber hose. But I'd put money on this being about the precedent rather than the conviction.
     
    Madoc and mynamehere like this.
  22. Zarathustra[H]

    Zarathustra[H] Pick your own.....you deserve it.

    Messages:
    23,177
    Joined:
    Oct 29, 2000
    Excellent reference, dear sir.
     
  23. Quix

    Quix 2[H]4U

    Messages:
    3,709
    Joined:
    Jun 12, 2011
    The court should just stop wasting their time and invest in a small cluster of GPU-accelerated password cracking servers. It's so easy to brute-force passwords that are less than 12 characters long now it's not funny.
     
    sleepeeg3 likes this.
  24. UrielDagda

    UrielDagda 2[H]4U

    Messages:
    2,968
    Joined:
    Nov 16, 2004
    Even if he's released he'll never get any of that stuff back, once the cops take it, it's gone forever.
     
  25. Ultima99

    Ultima99 [H]ardness Supreme

    Messages:
    4,477
    Joined:
    Jul 31, 2004
    Justice, powered by Nvidia?
     
    GoldenTiger likes this.
  26. Zarathustra[H]

    Zarathustra[H] Pick your own.....you deserve it.

    Messages:
    23,177
    Joined:
    Oct 29, 2000
    Yeah, as long as the device in question doesn't implement some sort of fail2ban type of implementation, introducing successive delays of increasing lengths after each failed attempt.

    I don't understand why everything doesn't use this. It is so easy to implement.
     
    Spidey329 likes this.
  27. Simplyfun

    Simplyfun [H]ard|Gawd

    Messages:
    1,177
    Joined:
    Dec 17, 2016
    Flat encrypted storage isn't an active program, this isn't an iPhone. I can copy your encrypted storage at a device level and make as many copies as I need to brute force against without the drives being aware I'm even doing it.

    Edit: firmware encrypted drives pose more of a problem, of course.
     
    Ur_Mom and lcpiper like this.
  28. Stiletto

    Stiletto [H]ardness Supreme

    Messages:
    6,440
    Joined:
    Jul 13, 2008
    If the fifth amendment doesn't apply to the contents of your mind, it's useless.
     
    Xinmosni, Madoc, Revdarian and 2 others like this.
  29. Extra-Titanian

    Extra-Titanian [H]ard|Gawd

    Messages:
    1,531
    Joined:
    Sep 21, 2009
    I'd be more worried about the type of cracking that'd need to be done.

    Unlike a database dump where you've got a bunch of encrypted passwords and you're just computing and comparing, and it's easy for a high speed parallel processor to make it faster, these are locked external devices. Depending on the type, it might not be something that easily lends itself to external computation. You'd have to figure out if the password encrypts the files directly, or does that man in the middle shit that most stuff normally does. If it's the former, you need something capable of virtualizing a compatible file system while you brute force it, if it's the latter, you need to find a way to extract the encrypted password, figure out how it's encrypted, then you might be able to gpu accelerate it.

    One of the locked devices is an iphone 6. And the rest came out of an iMac so they might be Apple devices, using some variant of whatever they're using these days.
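
    Added example, not part of any post in this thread: a sketch of the "password unlocks a wrapped key" layout described above, showing why a retry counter stored with the data does not survive a device-level copy, so the key-derivation cost is the only per-guess control that travels with the copy. All names and constants are assumptions made for illustration, and the XOR masking is a stand-in for a real key-wrap cipher.

```python
import copy, hashlib, hmac, os
from dataclasses import dataclass

KDF_ITERATIONS = 100_000   # constructed value: per-guess cost that travels with every copy
MAX_ATTEMPTS = 3           # constructed value: software lockout stored next to the data

@dataclass
class Header:
    salt: bytes
    wrapped_dek: bytes     # random data-encryption key, masked by the password-derived key
    tag: bytes             # HMAC that lets unlock() recognise the right password
    failed: int = 0        # lockout counter kept inside the copyable header

def _derive(password: str, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return k[:32], k[32:]  # (masking key, MAC key)

def _wrap(dek: bytes, password: str) -> Header:
    salt = os.urandom(16)  # fresh salt per wrap, so the XOR mask is never reused
    mask, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, mask))  # stand-in for AES key wrap
    return Header(salt, wrapped, hmac.new(mac_key, wrapped, "sha256").digest())

def create(password: str):
    dek = os.urandom(32)
    return _wrap(dek, password), dek

def unlock(h: Header, password: str):
    if h.failed >= MAX_ATTEMPTS:
        raise PermissionError("too many failed attempts")
    mask, mac_key = _derive(password, h.salt)
    expected = hmac.new(mac_key, h.wrapped_dek, "sha256").digest()
    if not hmac.compare_digest(expected, h.tag):
        h.failed += 1
        return None
    h.failed = 0
    return bytes(a ^ b for a, b in zip(h.wrapped_dek, mask))

def change_password(h: Header, old: str, new: str) -> bool:
    dek = unlock(h, old)
    if dek is None:
        return False
    fresh = _wrap(dek, new)  # only the small header is rewritten; bulk data keeps its DEK
    h.salt, h.wrapped_dek, h.tag = fresh.salt, fresh.wrapped_dek, fresh.tag
    return True

def lockout_vs_copy():
    """Return (original_locked, image_counter, image_unlocks) for a constructed header."""
    header, dek = create("constructed-passphrase")
    image = copy.deepcopy(header)  # models a device-level copy of the drive
    for _ in range(MAX_ATTEMPTS):
        unlock(header, "wrong guess")
    try:
        unlock(header, "constructed-passphrase")
        locked = False
    except PermissionError:
        locked = True
    return locked, image.failed, unlock(image, "constructed-passphrase") == dek
```

    A counter enforced by a separate chip that refuses to release the key is outside the copied bytes, which is the difference between this layout and the phone lock discussed later in the thread.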
     
  30. Mchart

    Mchart [H]ard|Gawd

    Messages:
    1,879
    Joined:
    Aug 7, 2004
    You can't brute force an iPhone as you get 10 attempts and it then dumps everything.
     
  31. tunatime

    tunatime 2[H]4U

    Messages:
    2,904
    Joined:
    Sep 15, 2011
    The lesson here is have the key expire after x days if you do not change it
     
    Armenius and tetris42 like this.
  32. Spire3660

    Spire3660 Gawd

    Messages:
    879
    Joined:
    Jan 5, 2005

    No. The fifth was established for EXACTLY this sort of thing. You cannot compel me to divulge what is in my head, nor can you make assumptions on that.
     
    YeuEmMaiMai and Madoc like this.
  33. Extra-Titanian

    Extra-Titanian [H]ard|Gawd

    Messages:
    1,531
    Joined:
    Sep 21, 2009
    That's the firmware lock. This was a separate app installed on the phone. That he apparently ended up unlocking anyway, this article sucks. Either way, none of the stuff that's currently locked is going to be aided by "gpu cracking servers".
     
  34. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    4,740
    Joined:
    Feb 12, 2012
    Next time the Judge forgets his or her password (for anything), now we can make a Federal case about it.
     
  35. Damar

    Damar [H]ardness Supreme

    Messages:
    4,165
    Joined:
    Jun 20, 2004
    Nope I can't. But they'll get what they want one way or another.

    Laws are going to have to change to take technology into account. It may take another 200+ years, but it will have to happen eventually, and at the rate we're already giving up our privacy for so called security, I'm betting police backdoors will be standard on every phone and PC eventually.

    Not saying you have to like it, but better expect it with the path we're on already.
     
  36. Darunion

    Darunion Chin Poon Specialist

    Messages:
    2,632
    Joined:
    Oct 6, 2010
    I think that is the point though, it is up to them to get the evidence, it shouldn't rely on me to provide evidence against myself. Not that I want criminals to have a safety net, I just don't want the trickle down to work its way into civil cases.
     
    Madoc, Wierdo, Nytegard and 1 other person like this.
  37. Ducman69

    Ducman69 [H]ardForum Junkie

    Messages:
    10,461
    Joined:
    Jul 12, 2007
    Forgetting passwords is a very normal common occurrence... how do they prove you do remember it? My mom forgets her Apple password religiously (I know, as I'm CC'ed on her resets... lol). She's not resetting it all the time out of "willful defiance", she, unbelievably, actually forgot the password.

    But of course since this is a pedo case, people are really hesitant to call this out for being total bullshit, out of risk of appearing to be pro-pedophilia, but then it will be precedent and we'll be holding normal people in contempt for simply forgetting a password.
     
    Madoc, Revdarian and nilepez like this.
  38. mdburkey

    mdburkey Limp Gawd

    Messages:
    483
    Joined:
    Jan 19, 2007
    It actually is a bit more complicated than that....

    The current legal thinking, Constitutionally speaking, is that they cannot legally compel you to divulge a password to the court, BUT if they have other evidence that shows that the encrypted device contains illegal material or material that could be subject to subpoena, then they legally CAN compel you to enter said password and decrypt the contents for the court. Essentially, this is the same as the argument that they can't compel you to divulge the password to a safe, but, following an appropriately served warrant, they can compel you to open it (or allow someone else to). With a safe, they can always just hire a locksmith and/or someone with appropriate tools. However, with encrypted materials, you are looking at what is effectively an uncrackable safe, hence the legal dilemma.

    So, by using the "I forgot" defense, he is trying to essentially sidestep the issue without decrypting the contents -- which gets into some very nebulous territory legally speaking for both the defendant and the judge making this ruling. The problem is that, quite often, passwords used for encryption are, by design, ungodly long nasty things -- which, there is no way on Earth almost anyone could actually remember without having them written down. So, the "I forgot" defense might actually be valid -- but that raises the question of did he have the password written down somewhere to begin with, and, if so, did he destroy that information? Which, although personally I hope this pedophile rots in jail for the rest of his natural life, his lawyer probably would have been better off attempting to use a defense stating that the records containing the (horrendously long, random, unrememberable) password had been destroyed. In this case, they could potentially charge him with destruction of evidence, but that would have a fixed jail sentence attached to it, rather than the open ended potential inherent with "contempt of court". And, even that might be potentially avoided if they maintained that said material was destroyed prior to when he learned he was under investigation -- in which case it would be up to the prosecutor and the forensic analysts to determine the last date upon which the device was accessed in order to prove the last date upon which he definitively had access to the password.
     
    Last edited: Mar 20, 2017
    TwistedAegis and GoldenTiger like this.
  39. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    10,545
    Joined:
    Jan 21, 2005
    You may have a point on the mac pointing to external devices, but the sister's testimony is meaningless to me. She could have a grudge against the brother. As a general rule, I don't think I'd want to set a precedent based on hearsay. And even the computer pointing to external devices isn't necessarily meaningful.

    Let's say you have 2 external drives. Let's also say that you have not downloaded child porn, but you do encrypt your drives. Now someone (let's say your evil sister) has gotten on your computer (let's assume she figured out your password) and downloaded kiddie porn to your external drives and changed the passwords on those.
    Now you didn't download the porn and you don't have the password for the drives.

    Is that a stretch? Perhaps, but it is possible. The courts may not side with him (courts have been whittling away at the 4th and 5th for decades), but IMO they should (despite the fact that he's probably a despicable human being that should rot in jail).
     
  40. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,225
    Joined:
    Dec 15, 2003
    This is why I think encrypted drives should have two passwords. One that unlocks the encryption (as normal) and the other that unlocks part of the drive but does so in a manner that masks the deletion of the data you deem sensitive (since they're going to clone the drive, destroying all of the data with a special password would raise flags and be useless as it'll only destroy the forensic clone, hence why you need to make it so it appears unlocked).

    Sure, it'd be used for child porn. But you could use it for all sorts of things.