'Sorry, I've Forgotten my Decryption Password' is Contempt of Court

Discussion in 'HardForum Tech News' started by Zarathustra[H], Mar 20, 2017.

  1. Nobified[H]

    Nobified[H] [H]ard|Gawd

    Messages:
    1,096
    Joined:
    Mar 21, 2013
    I only have one question! What is the software used to encrypt this drive? I want it for myself, nothing important or special on my shitty PC stuff. If the Government can't crack it, I want it!
     
    nilepez likes this.
  2. Extra-Titanian

    Extra-Titanian [H]ard|Gawd

    Messages:
    1,516
    Joined:
    Sep 21, 2009
    TrueCrypt had that option. The only problem was that it's pretty obvious that there's something there when the volume size and the disk size don't match up at all. Between that and the secret volume being advertised as a feature, it wasn't exactly clever.
     
    DocSavage likes this.
  3. Xrave

    Xrave [H]ardness Supreme

    Messages:
    7,053
    Joined:
    Jun 29, 2004
    That's not the point of this legal case.

    Only if you enable that option!
     
  4. gamerk2

    gamerk2 [H]ard|Gawd

    Messages:
    1,643
    Joined:
    Jul 9, 2012
    Pretty much this. My reading of the case is that the prosecution has other evidence that shows that this guy is guilty, and got a warrant to search the contents of the hard drive. So this explanation is spot on for this case.
     
  5. spugm1r3

    spugm1r3 [H]ard|Gawd

    Messages:
    1,153
    Joined:
    Sep 28, 2012
    Why couldn't a precedent-setting case on personal digital privacy be about a pirate or something? Why did it have to be child pornography? There is no judge on the planet that would want to be holding that bag of crap at the end of the day.
     
    mdburkey likes this.
  6. NeghVar

    NeghVar 2[H]4U

    Messages:
    2,445
    Joined:
    May 1, 2003
    So if they are unable to crack the encryption or brute-force the password and he truly forgot his password, then that is a life sentence. There are murderers who have had shorter sentences, been released, and then murdered again. That has a traumatic effect on all friends and family of the victims. A person who only downloads and views child porn, does not create a victim. Yet there are times when they get longer sentences than murderers and sexual predators, sometimes even a life sentence. http://www.johntfloyd.com/child-pornography-sentences/
    Where does the 8th amendment stand in all this?
     
  7. gamerk2

    gamerk2 [H]ard|Gawd

    Messages:
    1,643
    Joined:
    Jul 9, 2012
    The 8th doesn't apply here; bail isn't an option, and the punishment of being held indefinitely due to contempt is not considered cruel or unusual by the courts.

    I now point out the entire point of jail is to reform prisoners, not lock them up proportionally to the damage they do to society (even though that is more often then not how punishment is handed out).
     
    AaronGant likes this.
  8. Gorankar

    Gorankar [H]ardForum Junkie

    Messages:
    10,363
    Joined:
    Jul 19, 2000
    I want CP peddlers to go to jail.
    I want to retain my rights.
    I have encrypted devices I have forgot the passwords to. Nothing illegal. Mostly tax, and compliance related crap from the apt. complex I sold a few years ago. If they get a warrant, I essentially get life until I remember the password. The possibility of innocent people being damaged by this far outweighs the possibility of protecting the populous. In the case of this deviant, he is not the one that harmed anyone in the first place. There will always be pedos, always be a market for cp, and their will always be a piece of trash willing to exploit children to serve that market. Not saying to give this guy a pass. He has a problem, like as not, he will fuck up again and get caught. I do not see the need to set such a terrible precedent just to get this one perv.

    Going to destroy all encrypted shit I no longer remember passwords for later. I have paper copies of the stuff I need to keep anyway.
     
  9. Pusher of Buttons

    Pusher of Buttons [H]ard|Gawd

    Messages:
    1,925
    Joined:
    Dec 6, 2016
    Nothing pisses me off more than when the shockwaves cast forth in the pursuit of justice of a scumbag wind up screwing with my rights as a citizen....be it encryption or guns....too many people in the "big gov" just licking their chops for cases like this to be the precedent to throw to the wolves "We COULD have brought this child molester/murderer to justice.....BUT....."
     
    Extra-Titanian and Madoc like this.
  10. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    Not everyone the cops convict are actually guilty. I'd hope he gets his property back.
     
  11. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    Truecrypt had exactly that functionality.
     
  12. ruffbytes

    ruffbytes Limp Gawd

    Messages:
    447
    Joined:
    Oct 22, 2015
    Apple tries to protect itself from saying "we cannot unlock the phones ourselves!" You could see where this could put them into legal jeopardy if this precedent is set.
     
  13. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    Except apple are (in theory) engineering their phones such that they really can't unlock them themselves. The FBI wants them to change their methodology to allow for easier breaking into the phones.
     
  14. AaronGant

    AaronGant Limp Gawd

    Messages:
    378
    Joined:
    Feb 21, 2010
    every website has a forgot your password link. Likely everyone in that courtroom has used such a convenience. Is it really unbelievable that someone forgot a password?
     
  15. Gorankar

    Gorankar [H]ardForum Junkie

    Messages:
    10,363
    Joined:
    Jul 19, 2000
    Apparently it is to the judge.
     
  16. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,639
    Joined:
    Oct 29, 2000

    While I agree with you, I do understand why some are pushing back against this as well.

    Historically you could have a key to a locked file cabinet. The file cabinet could either be broken or you could be compelled to open it.

    Today, the contents of a billion file cabinets can fit on one drive, which can be encrypted. Way more information than can be accurately fit in the mind, and the fact that all that data can be held by simply remembering a key that one cannot be compelled to provide has huge implications.

    This is not to mention the issue of shielding information from discovery using the fifth amendment by way of encryption mentioned in the article which is also troubling.

    My gut instinct is to come down on the side of the fifth amendment, but I do understand that encryption technology and the capacity to store large amounts of data encrypted has complicated matters in a way that our founding fathers couldn't possibly have imagined.

    It's not as straightforward of an issue as it may first seem, and I am interested to hear what some of the top legal and constitutional minds in the country may have to say about it. If - that is - they can express it in a way a layman can understand.
     
    TwistedAegis likes this.
  17. celeron300

    celeron300 Gawd

    Messages:
    514
    Joined:
    Jul 8, 2009
    All your data belongs to us!!!
     
  18. NeghVar

    NeghVar 2[H]4U

    Messages:
    2,445
    Joined:
    May 1, 2003
    But my point is what if he truly has forgotten the password. Obviously the court does not believe him. So that puts him in jail indefinitely with no way out.
     
    Gorankar likes this.
  19. Madoc

    Madoc Gawd

    Messages:
    944
    Joined:
    Mar 10, 2006
    Don't be too sure that the government can't crack it. Do you really think they'd want you to know what they can or cannot actually break into? Do you think they want you to know what companies already provide them with back-doors into "secure" systems? Of course not.

    They may *say* that they cannot get into something, but they may or may not be telling the truth. Heck, the person who says that might think it is true, but the reality may be something different.

    So, don't be too sure that when the government says they can't break into something, they *really* cannot break into something. Paranoid? Maybe. But the government doesn't exactly have the best track record when it comes to honesty.
     
  20. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008

    No, this is not correct. There is a difference between a being compelled to produce evidence when the demand is just and being forced to give testimony that will incriminate yourself. The Judge is ruling that that providing the encryption key is not testimony.

    And as TwistedAegis pointed out earlier, the alternative is to allow everyone a guaranteed full-proof way to avoid prosecution, stick to digital crimes and keep your shit encrypted and you are immune from prosecution. That can not be allowed to stand as it is. If the prosecution already has evidence that reasonably points to additional evidence stored in an encrypted format I do not think it's an over reach to compel the defendant to unlock it. And if sworn testimony from your own sister isn't compelling, what is?

    This Doctor was a pediatrician too.
     
  21. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008
    Two different things going there though.

    It's one thing to use that security scheme from a device point of view, it's driven through a software/firmware executable. That isn't the same thing as the actual encrypted data. For instance, you have a drive and it is marketed as a secure storage device only. You plug it in and it installs this security app that interacts with it's own firmware so that in order to access the device you have to go through the fail2ban executable.

    I get your drive, rip it out of the case, and I put it on a drive replicator that creates a raw clone of the drive without the drive's special firmware.

    Now I haven't decrypted any data yet, but I just left your fail2ban firmware in the garbage can.
     
  22. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,639
    Joined:
    Oct 29, 2000

    Oh I agree. I know how full disk encryption currently works. If it could be made a part of the disk firmware though, something like fail2ban could make it more or less impenetrable. Say, have a humanly readable password with a fail2ban style protection, that unlocks an impossibly long and virtually impossible to brute force long key, used to encrypt the raw data on the disk, so even if someone dismantles the drive and is able to read a copy of the encrypted data, they can do nothing with that encrypted data, because the key is so strong that no super computer in the next 50 years can ever brute force it.

    It would seemingly be relatively cheap to incorporate this in drive firmware, and create software the host can use to interface with it.
     
  23. nutzo

    nutzo [H]ardness Supreme

    Messages:
    7,380
    Joined:
    Feb 15, 2004
    Just wait until they figure out a way to read your mind.

    In 200 years, police backdoors will be standard in your brain :eek:
     
  24. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008
    Umm, they already have access to all the data on all the devices except the encrypted external drives.

    This is not about unlocking an iPhone.

    This is about whether or not a defendant can be forced to divulge a password, in this case an encryption key, that will likely produce additional incriminating evidence.

    In most cases this has already been set as precedent and the answer is NO. But in most cases the device is a single device, not a secondary device in which other devices point specifically to the evidence contained on the encrypted device. The man's iMac says the files are on the external drive.

    And what I must stress again, the Man's own Sister has testified under oath that he showed her hundreds of these images and that they were stored on the encrypted device. Someone said the cops needed to go back and do more Police work, that was it, they did do it, and these things are some of the results. This is not a case where the cops are on a fishing trip looking for an excuse to charge this guy.

    This Doctor is a criminal who thought he was too smart to get caught. He was wrong. He thought he was too smart to be convicted but he is already fucked. And for those that believe this will set some sort or precedent, people have been force to give up passwords before, when the evidence is compelling enough. That is the law and it's been the law. This case will not change it.
     
  25. Krazy925

    Krazy925 2[H]4U

    Messages:
    3,457
    Joined:
    Sep 29, 2012
    Man they sure seem to care a lot about child pr0n. Oh wait.

    https://hardforum.com/threads/to-ke...sses-child-pr0n-case.1926564/#post-1042864619

    I disagree with this man, vehemently as it were. But, I do think compelling him to provide his PW is wrong. If they have enough to convict why not convict him then compel him to unlock the HDDs. It sounds like they have enough to convict him and this is more for creating case law.
     
  26. NeoNemesis

    NeoNemesis 2[H]4U

    Messages:
    2,390
    Joined:
    Mar 10, 2004
    A defendant shouldn't be forced to hand over damning evidence. If the prosecution want what's on his computer they should decrypt it themselves.

    How is this different than finding a potential murderer in contempt for not handing over the murder weapon?
     
    Xinmosni likes this.
  27. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008
    I don't understand why anyone would want this. Why would you wish for a full proof way to protect data when we all know that data can be evidence in criminal activity?

    You know the little guy sometimes get's fucked because of shit like DMCA and stuff. But usually it's a company fucking the little guys and it's data stored in their records and corporate email and falsified testing that shows how some Jackass in the government or some company is fucking hundreds of thousands of us little guys. And you think it's a good idea to develop a bullet proof vault that these assholes can put all their stuff in so they can never be caught?

    I do not get some people's thinking?
     
  28. Darunion

    Darunion 2[H]4U

    Messages:
    3,748
    Joined:
    Oct 6, 2010
    My take is a feeling of security. Why can't I own a lock that no one but me can open? Why must I allow a weakness in any security measure just in case the government or enforcement agency needs access?

    I guess maybe it is just how I feel personally. The police enforcement don't help me sleep at night, the locks on my doors do. I guess I apply that same feeling across the board.
     
    Meeho, GoldenTiger and painintheworld like this.
  29. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008

    Because a copyright pirate usually isn't facing like 5,000 counts of a 3 year sentence so he doesn't go to extreme measures to protect himself like this guy did. This guy made sure to keep all his dirt in "one" encrypted place (actually two encrypted external drives), and he did what he thought was enough to delete other evidence that pointed to the files on the drives. But when his computer died he authorized BestBuy to try to recover lost files not realizing that their policy is to check all recovered files to make sure they are not corrupted and were fully working files. That started the ball rolling.

    But I don't get why you guys keep thinking there is a precedent in this case. There is not. This is not the first time someone has been forced to give up a password. The precedent for this was set years ago.

    Every case that comes along you guys think it's precedent setting.
     
  30. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,639
    Joined:
    Oct 29, 2000

    It is certainly a tradeoff. I just generally tend to fall on the side of privacy in that tradeoff.

    Depending on your perspective you may not.

    I don't think there are necessarily any rights or wrongs here (within reason, go too far in any direction, and there might be) just different levels of preference and perspective on the subject matter.

    Like many people these days, I consider the data stored on my computer and in my phone to be almost analogous with the thoughts I have in my mind, and as such my inclination is to have 5th amendment rights extend to them. If someone is snooping through my phone in order to incriminate me (I swear I have nothing to worry about today, but who knows, maybe a day of civil disobedience or whistleblowing may some day come) I feel like that truly would be a matter of me being forced to incriminate myself. My computer and my phone are not just tools and devices I use, they are my mind outside of my mind.
     
    Last edited: Mar 21, 2017
    GoldenTiger and lcpiper like this.
  31. Methadras

    Methadras [H]ardness Supreme

    Messages:
    6,132
    Joined:
    Dec 19, 2000
    Child predators are sub-human loathsome creatures, but compelling someone to violate their rights by divulging what is in their mind whether they legitimately remember it or not should be fought at all levels of government. See there is a notion that government should be a champion of your rights, not it's detractor and I see our rights being whittled away on a daily basis. More ceding of our rights to government than ever before. This is independent of who is in the WH. It's been getting worse and worse since Bush1 and successively down the line. An incremental usurpation of a citizens rights is the true crime here.
     
    Xinmosni, GoldenTiger and Madoc like this.
  32. spugm1r3

    spugm1r3 [H]ard|Gawd

    Messages:
    1,153
    Joined:
    Sep 28, 2012
    I'll admit to some imprecise language here, but I wasn't aware of previous instances of contempt of court being issued for the "I forgot" defense. That said, you seem familiar with the legal world (I only know what I get from the news), I'm all for getting schooled.

    Mainly, I was just being wistful that we aren't having this conversation about encryption in regards to something a little more innocuous, so we could talk about encryption, instead of child pornography.
     
    lcpiper likes this.
  33. mufcfan

    mufcfan Limp Gawd

    Messages:
    245
    Joined:
    Feb 23, 2005
    Following this train of thought, if this counts as contempt then I would guess it would be legal to force this information out of him as well. Like using hypnosis, sodium thiopenthal or something that is just as equally not damaging mentally or physically.
    This doesn't really sound right.

    If he is guilty, he should go to jail. But I think they need to crack the lock and not the guy.

    A lot of supercomputers around the world are used to calculate the weather and stuff like that. Why not use their powers for cracking passwords in these cases?
    I don't like it when people say about IT stuff that "It cannot be done, we have to find a non-IT way to do it.". As it stands, all passwords can be cracked.
    This password can be cracked too and someone should work on it and try to get the means from the government.
     
  34. Bounty

    Bounty Limp Gawd

    Messages:
    430
    Joined:
    Jun 10, 2016
    I don't see how they can hold him longer than if he actually destroyed the evidence. For all intents and purposes, he has, and he may actually have by actually forgetting the password.
     
  35. LazN

    LazN Limp Gawd

    Messages:
    143
    Joined:
    Dec 24, 2015
    Several issues with that besides the privacy ones. Encryption is math, it's not some magic thing that only a few have access to, you can't make math illegal. So open source encryption already exists, and is already being made by many companies / projects all over the world. You are not going to get all those shut down. So sure, maybe the built in encryption will have a back door, and that encryption will be good enough for the majority of people who don't care that hackers will find those back doors (and no you can't guarantee that bad people won't be able to use those back doors, if they exist both good guys and bad guys will be able to use it). So anyone that actually cares about privacy will use one of the already existing encryption software products without said back doors and we are back to square one.

    TLDR: cat is out of bag for encryption, too late to backdoor into the past.
     
    GoldenTiger and Zarathustra[H] like this.
  36. Bounty

    Bounty Limp Gawd

    Messages:
    430
    Joined:
    Jun 10, 2016
    We have a full proof way to protect data. If the guy wrote the complex password down on a sticky note, never memorized it, then ate the paper. Data gone. Information is destroyed all the time and society hasn't fallen.
     
    Extra-Titanian likes this.
  37. Extra-Titanian

    Extra-Titanian [H]ard|Gawd

    Messages:
    1,516
    Joined:
    Sep 21, 2009
    Schrodingers data.
     
  38. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008
    I get schooled by our real lawyers here all the time. We do have a few that come to the [H].

    And I really wasn't addressing the "I forgot ..." part of this. I think it's coming down to the Judge calling his "bullshit" card and saying that he just doesn't believe the defendant's claim.

    There are certainly several levels to this case.

    I tried finding information about previous cases in which a defendant was forced to give up a password, ( I did say that this isn't a precedent and has been done before), but my searches keep turning up the Apple iPhone unlock cases and some others.

    I did find this and it's an interesting and more detached take on the issue.
    http://blog.al.com/live/2008/06/forcing_suspect_to_divulge_pas.html
     
    Last edited: Mar 21, 2017
    GoldenTiger likes this.
  39. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,565
    Joined:
    Jul 16, 2008
    I don't even know what kind of a point you are trying to make.

    Wait until it's you.

    Wait until some investment broker steals your life's savings and you need their records to prove it.

    "Oopps It's encrypted"

    I get this, I really do. I really do understand what many of you guys are concerned about. But it just always sounds to me like many of you don't think about the other side of the coin.
     
    Last edited: Mar 21, 2017
    GoldenTiger likes this.
  40. kinjo

    kinjo [H]ard|Gawd

    Messages:
    1,053
    Joined:
    Dec 17, 2010
    As much as I like to see guys like this guy get punished. I like the 5th amendment a hell of a lot more. Based on the courts logic here if you really did forget the password to a device that the government wants access to you could basically end up sitting in prison for the rest of your life. This guy may be a shitty person but the court is dead wrong here they have no right to compel him to give information which may incriminate himself.