Judge orders defendant to decrypt PGP-protected laptop

Discussion in 'privacy problems' started by Malcontent, Feb 26, 2009.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    http://news.cnet.com/8301-13578_3-10172866-38.html
     
  2. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    If Boucher knew his he had to cross the border there is no doubt that the laptop would be searched and he should have backed up and erased all files that might get him into trouble. That said he did a dum thing saying that he may have downloaded child porn, he should not have said anything and let the border guards tell him just is what is legal porn and what is not. You don't win anything for being honist.
     
  3. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    PGP is 1 of the best WD Encryption software's available, I always see people trying to say it has a backdoor, but if that were the case the judge wouldn't need to order the defendant to enter his password, the guy seemed like an idiot anyways, generally you should not waive your right to remain silent!

    If it were me, I would have refused and took a much lesser charge of hindering an investigation!

    EDIT: Hmn read more of the case and found this

    I wonder what the ending results were in this case?

    EDIT: MORE about the strength of PGP, and the outcome of the case, he never gave them a password!

    http://news.cnet.com/8301-13578_3-9834495-38.html

    I don't think they got any kind of conviction on any of the charges either, but I could be wrong?
     
    Last edited: Mar 5, 2009
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This second link you gave is from December 14, 2007, and it says that "A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase."
    But, the first link is newer, from February 26, 2009 and it says: "In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted."

    So, the second judge overturned the first one's decision, if I understood correctly, and that means he must decrypt data.
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Expect an appeal and a reversal on this one from the Second Circuit. No way will it hold up. A password is in your mind and clearly is testimonial. For those not in the USA: the 5th Amendment says a defendant cannot, "be compelled in any criminal case to be a witness against himself."
     
  6. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Good observation Nebulus :thumb: I found the link by googling "Boucher to unencrypt", but I didn't feel like going any further into the links, but the outcome would be interesting to read about!

    I totally agree!
     
  7. siberianwolf

    siberianwolf Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    516
    that's one of the universal principals of the constitutional state notion. so, in any state that claims to be a constitutional state (and we know that almost every state does claim to be one, today), this is a "sine qua non" article that takes place in the general provisions of a code of criminal procedure. given the orders of echr (http://www.echr.coe.int/echr/), there're known cases regarding the violation of the right of immunity from self-incrimination.
    extra info
     
    Last edited: Mar 5, 2009
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I think you should say "that SHOULD BE one of the universal principals of the constitutional state notion" :)
     
  9. siberianwolf

    siberianwolf Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    516
    However, the privilege
    against self-incrimination was not absolute or immutable. Other
    jurisdictions (Norway, Canada, Australia, New Zealand and the
    United States of America
    ) permit the compulsory taking of statements
    during investigation into corporate and financial frauds and their
    subsequent use in a criminal trial in order to confront the accused's
    and witnesses' oral testimony. Nor does it follow from an acceptance
    of the privilege that the prosecution is never to be permitted to use
    in evidence self-incriminating statements, documents or other evidence
    obtained as a result of the exercise of compulsory powers. Examples
    of such permitted use include the prosecution's right to obtain
    documents pursuant to search warrants or samples of breath, blood or
    urine.*

    *taken from the "Saunders v. the United Kingdom " case
     
  10. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Yes, you are partly right. However, what makes the password testimonial is that it's in your mind only. Breath, blood, urine, etc. can be taken from you. Try to take a thought. To give up something in your mind is so clearly testimonial and would be blatant self-incrimination. Second Circuit will look at this and throw it out in no time.
     
  11. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Exactly

    They cant force him to do anything in this case, they cant hold him down and extract the password from his brain, if the crap hit the fan, all they can do is charge him with hindering an investigation! but they shouldn't be able to charge him with such, because it still goes along the line of self-incrimination! I think o_O

    I still don't understand why their spending so much time and money on a case that only involves so called Illegal Animation? which is what the ICE Agent reported, all the real porn he seen was Adult Porn, what a waist of taxpayers money!
    _______________________________________________________________________________________
     
    Last edited: Mar 6, 2009
  12. rubberducky

    rubberducky Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    31
    Well, can't they just open the drive casing and access the drive platter directly in a specialized lab? That way they wouldn't need his password.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    No. It is encrypted. All they would find, in even a "specialized lab," would be random gobbledeegook.
     
  14. siberianwolf

    siberianwolf Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    516
    brief info:
    http://ask-leo.com/i_thought_i_deleted_these_files_how_were_they_recovered.html
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
  16. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    What you mean "best"?

    And are you saying that a TrueCrypt file container can be decrypted by someone else?
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    "One of the best" is an expression meaning, "It's great along with some others"; it's "one of the best" (among others). TrueCrypt would be among the others. A TrueCrypt container with a strong password is perfectly safe.
     
  18. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    I do not want to derail this thread as it seems to have evolved into a discussion about best methods of encryption; however, I am very intrigued by the earlier discussion regarding the legality and constitutionality of compelling a defendant to disclose a password. Should that discussion continue here or should a new thread be started for the purpose of continuing the discussion?
     
  19. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Well, what would happen if the defendant/accused would state that he does not remember the password ?

    Regardless whether it's true ?

    What if he would use encryption software that would make the encrypted data permanently unaccessible if an incorrect password were entered (does stuff like this exist, commercially or open source) ?
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Hardware encryption (making forensic imaging nearly impossible) with auto-destruct features is the way to go if you want this ability. For example, the Kingston DTSP, DTVP series and the Ironkey drives.
     
  21. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    ***Disclaimer***
    None of the information that I post is intended to be relied upon as legal advice nor should it be. The intent of my posts is to respond to hypothetical situations solely and exclusively for the purpose of intellectual debate. People and organizations desiring actual legal advice should consult an attorney licensed to practice law in the relevant jurisdiction(s).

    This is a good question. I think a factual determination would have to be made by the fact finder to determine whether or not the password was actually known. If it was believed that the defendant actually knew the password, then he/she would likely be held in contempt until disclosure. If it was believed that the defendant did not actually know the password, then nothing.

    I think that you are referring to some sort of automatic destruction of the data. If so, I do think that this software is in existence and I honestly do not know how the court would handle this. My guess would be that the Court cannot compel the disclosure of something that is not capable of being produced. However, I at that point I would be worried about an accusation of spoliation of evidence if I were the defendant in such circumstances.

    ***Disclaimer***
    None of the information that I post is intended to be relied upon as legal advice nor should it be. The intent of my posts is to respond to hypothetical situations solely and exclusively for the purpose of intellectual debate. People and organizations desiring actual legal advice should consult an attorney licensed to practice law in the relevant jurisdiction(s).
     
  22. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Software "solutions" that do this simply won't work. They are protecting containers and such that can be imaged and the "auto-destruct" is defeated. Hardware encryption on the other hand is a different story as all the encryption and decryption must take place on the co-processor which also has the ability to wipe the drive after X number of attempts. You can't clone the processing needed on the chip. Hardware encryption is far superior to software encryption (in my opinion), and this is one of the reasons why.
     
  23. thathagat

    thathagat Guest

    how about narco analysis of the accused.......if it is not against the us law....that is
     
Loading...
Thread Status:
Not open for further replies.