Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States Data Storage Iphone The Courts IT

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 522

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
This discussion has been archived. No new comments can be posted.

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges

Comments Filter:
  • by ruir ( 2709173 ) on Monday March 20, 2017 @04:23PM (#54077307)
    I do not even know any of the passwords I use either at home or work....random passwords+2FA. I could not even remember them, even if my life depended on it.
    • by Midnight_Falcon ( 2432802 ) on Monday March 20, 2017 @04:24PM (#54077317)
      But you have some way to summon them through a password manager, and a Court would simply order you to release those credentials.
      • by Mashiki ( 184564 )

        Under stress, and my poor memory due to my job, I can't remember the password. I write it down, but I seem to have lost it.

        • Well say hello to a jail cell then. You can be help for contempt for a very long time.

          • by Mashiki ( 184564 ) <<mashiki> <at> <gmail.com>> on Monday March 20, 2017 @05:04PM (#54077707) Homepage

            All you need is a lawyer who's willing to argue that police lost evidence of this during arrest/warrant sweep. Happens quite often and there's a lot of case law on it.

            • Like the sticker note with the password on the bottom of the laptop.
              "I don't know the pw, it's on the bottom of the laptop."
              Police: "..." Unless of course they filmed the whole arrest and house visit.

              And about the 'forgone conclusion' and the fact they aren't simply starting the trial based on the evidence that led to this conclusion:
              I think it's quite possible that law enforcement told the judges, confidentially, that they already have hacked the disks using a secret back-door or other procedure, but
              • by Mashiki ( 184564 ) <<mashiki> <at> <gmail.com>> on Monday March 20, 2017 @09:04PM (#54079145) Homepage

                Possibly. That's the real question here, while I've read the case info provided in the article there's a bunch of things that are unclear until I get a chance to read the initial case. But, local police forces which is what this case is doesn't usually have the resources to backdoor things like this unless they're commonly known exploits. And if I remember the cases correctly, if they were seized as part of evidence in the original warrant and they were able to get the information off the drives without his co-operation it wouldn't matter anyway. Since it would have already proven that he was in possession of CP. So that doesn't really matter, in the rare cases where something like this happens they can seal part of the court case to protect the disclosure of things like that which would lead to the compromising of on-going investigations.

                The real thing is is what you pointed out though, where the proof. There is none really. The prosecution states they have "known hashes" but that doesn't mean much beyond that. It's more likely that the sister saw actual CP, and that's it. That in itself leads weight to it, but it still doesn't mean too much without the actual evidence.

                I wouldn't be surprised if this keeps moving through the court system, or their lawyer simply tells them to take the contempt charge which he'll likely serve on weekends and get on with his life. The contempt charge itself could be an entirely new ball of wax especially if it's contested which wouldn't surprise me. The lawyer(s) in question could make their career defining case off of it. Since then the court will have to prove that he knowingly engaged in contempt.

      • by rtb61 ( 674572 ) on Monday March 20, 2017 @07:47PM (#54078751) Homepage

        It's the law, innocent until proven guilty. So the judge failed to prove the person did remember the password, hence the judge is in contempt of justice. In order to prosecute for failure to remember and state a password, the court must prove the defendant does remember it, otherwise they a just fucking guessing because that is what they want, a really horrific corruption of the justice system.

        Think of the ramifications, the court claims you saw something with no evidence of proof of that claim, you say you did not and they imprison you until you say what they want you to say. You can not legally force memory, to force people to remember and just to be clear, how many you idiots got 100% on every exam you ever took, well, according to shit for brains judge, you put down the incorrect answer on purpose. Courts are not for fucking guessing, want to make a fucking claim, then fucking prove it.

    • I could see a case for contempt if it can be "proven" one is lying about forgetting the password, or has some other way to access the password; refusing to share it. I do not understand calling contempt for forgetting something.
  • ...should be expected by anyone who wants to hide data from a force as significant enough as a sovereign entity. Indefinite jailing based on contempt of court sounds a lot like a gentler, longer version of rubber-hose.

    Perhaps some type of expiry after 30-60 days of non-use for sensitive encrypted drives might protect against this, since there's no way the person could decrypt the drive after that threshold.

    • Obligatory: https://xkcd.com/538/ [xkcd.com] XKCD gets it right yet again.
    • by sims 2 ( 994794 )

      How do you implement the timeout assuming the attacker will have possession of the device in question?

      Apple has been dealing with something similar with their 10 try then wipe password limitation they keep figuring out new ways to bypass it.

    • by Anonymous Coward on Monday March 20, 2017 @06:37PM (#54078359)

      As a victim of a rubber hose attack by the American government I can offer some insight into how it works and how everyone looks at the issue wrong. The government usually gets it hands on you somehow and threatens you with some ridiculous mandatory minimum prison sentence. Its a somewhat civilized approach to the rubber hose attack.

      You go hire a big buck attorney who starts to work on the case. Next thing you know the government is offering you immunity for whatever is on your computer in exchange for the passwords. Of course your attorney says give them the passwords and this thing will likely go away. You hand over the passwords and it goes away, the statute of limitations ticks off a few years later.

      Now if you are the main target of their interest they will wait until they can nail you to the wall and do this step to anyone they think may be able to help.

      A better approach would be to use a wifi accessible ssd hidden in a wall or elsewhere it wont be found. Most of the time they are in and out of your house in under a hour, it is very rare, without an informants telling them all of your opsec secrets that anything well hidden will be found.

      Cops are humans, most humans are lazy and have mixed feelings about their job, remember that. Encrypted disks in the hands of the government should be treated as the starting point in negotiations.

    • by dougmc ( 70836 ) <dougmc+slashdot@frenzied.us> on Monday March 20, 2017 @08:11PM (#54078915) Homepage

      .Perhaps some type of expiry after 30-60 days of non-use for sensitive encrypted drives might protect against this, since there's no way the person could decrypt the drive after that threshold.

      You aren't imagining the defendant's computer in a nice neat room with his drives plugged in and a cop sitting at it trying to guess the password, are you?

      No, the drives will have been imaged through a hardware device that blocks all attempts to write, and their work will be on their own computers running their forsensic software against the images of his drives, with his original drives safely in the evidence lockup.

      And if criminals start using drives with custom firmware to foil this (they've already read the first GB sequentially? return gibberish and erase everything!), the cops will then be removing the control boards and subsituting their own before they do the imaging.

      "Self destructing crypto" will just be something else for them to work around. It might foil the local police department, but if the FBI/NSA/CIA/etc. really wants your data, that's not going to foil them any more than straight strong crypto will.

    • by epyT-R ( 613989 )

      Why would you want to live in such a society? Have we really fallen so far that citizens now support such insane shit?

  • What if (Score:5, Insightful)

    by markdavis ( 642305 ) on Monday March 20, 2017 @04:26PM (#54077343)

    >"upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives"

    I am not saying that is the case here, but what if a defendant really doesn't remember the password? Throw him in jail forever? Some devices don't need a key/password UNLESS they are disconnected or reset, and it is very plausible someone might have been using something for a long time without knowing.

    • >"upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives"

      I am not saying that is the case here, but what if a defendant really doesn't remember the password? Throw him in jail forever? Some devices don't need a key/password UNLESS they are disconnected or reset, and it is very plausible someone might have been using something for a long time without knowing.

      Yeah. I don't know the pincode for my SIM-card, I only ever need it when the phone updates the operating system, and it is separate from the code used to lock the phone. So if my phone is powered down, I have no way of unlocking it without traveling back to my home country out of US reach to get the printed copy of the pincode.

      • by sims 2 ( 994794 )

        What type of phone do you have that doesn't have to be restarted every few days?

        • by pla ( 258480 )
          All the responses to you so far have bragged about Androids... And make no mistake, I use both Android and iOS and am by *no* stretch of the imagination an Apple fanboy...

          But...

          I have owned my current iPhone for roughly 3 years. And in that time, I have rebooted it exactly once, for an OS upgrade. I force-shut it down one other time only because I was in the middle of nowhere, basically lost, and wanted to save the last 5% of battery for a 911 call if it became necessary.

          Put bluntly, it has never cr
    • What if it isn't even actually encrypted? "I see a lot of files on here that aren't .mp3, .jpg or .gif files, they have weird extensions like .class. They're obviously encrypted, decrypt them and show us the illegal stuff they're encrypted as!"
      • Re:What if (Score:4, Informative)

        by Altrag ( 195300 ) on Monday March 20, 2017 @05:28PM (#54077943)

        Presumably by the time the courts are ordering decryption, the computer has gone through forensics by actual computer forensics people.

        Your possibility might apply to the cop who's beating down your door and just trying to get a quick takedown but if you refuse that initial step it will go to people who know what they're doing long before it goes to a judge.

    • Maybe he said it with a snarky attitude.

      But, I had the same question...if you're not allowed to 'forget' something...what if you actually do?

      • by TWX ( 665546 )

        He probably 'said' it through his attorney via filing, which I expect would be on-paper.

        While it's possible to be snarky on paper it requires both intent and a general finesse for language that most people don't have.

    • Re:What if (Score:5, Interesting)

      by ShanghaiBill ( 739463 ) on Monday March 20, 2017 @04:57PM (#54077651)

      what if a defendant really doesn't remember the password? Throw him in jail forever?

      Sure. Why not? The criteria is "reasonable doubt" not "certainty". In practice, the standard for "reasonable doubt" is not very high. When DNA evidence first became valid in court, the Innocence Project reviewed thousands of old cases, and determined that about 10% of them could not possibly have committed the crimes for which they were convicted. One case overturned was the Central Park Five, which EVERYONE, including our president [nytimes.com], was absolutely certain were guilty. There are many, many other cases with no DNA evidence, but there is no reason to believe the false conviction rate is any lower for those.

      So if 90% certainly is good enough to lock up some poor black kids for life, why isn't it good enough for a rich white guy with a Macbook Pro?

      • by Altrag ( 195300 )

        While I'm sure there's no shortage of racism involved in that particular distinction, there could also be very valid reasons.. specifically witness testimony.

        Chances are you can find someone who will claim they witnessed an assault or saw some kid selling drugs or whatever.. possibly not accurate testimony since its been shown time and again that peoples' memories aren't terribly reliable in stressful situations, never mind the possibility of outright deceit. But you can often find someone to step forward.

    • This question actually did come up in this case, as at one point the defendant claimed to have forgotten the passwords. However, the defendant undermined himself by at another time refusing to provide the passwords by which he proved that he did have them.

  • by Baron_Yam ( 643147 ) on Monday March 20, 2017 @04:27PM (#54077365)

    This amounts to "We know you're guilty even though we can't prove it so we're not going to bother with proof", and worse, they're using that to apply a potentially unlimited sentence.

    Just because the guy is accused of having a child porn collection doesn't mean the niceties of law shouldn't apply.

    I'm actually not so much for the right against self-incrimination, but I am very much for the right to a fair trial based on evidence and not what people 'know'. I'm also very much on finite sentences proportional to the needs of protecting society, punishing enough to scare the next guy, and attempting to reform the convicted if possible... but there shouldn't be a sentence at all without a just conviction.

    • by haruchai ( 17472 )

      Just because the guy is accused of having a child porn collection doesn't mean the niceties of law shouldn't apply

      Does the law distinguish between having, distributing or making these images? I consider those very different crimes.
      Also, since they know he visited the sites and downloaded *somethings*, they can nail him just for that crime and waive or suspend the contempt charge if he agrees to forfeit possession of the hard drives.

    • by Falos ( 2905315 )

      It's a bad law because it's literally leaning on "I said so."

      The power is ultimately in the owner's hands. Consider: Even under torture, access is technically only granted when the owner says. And so, like warrant canaries, this power will simply rearrange itself until it's out of reach again, until untouchable by infantile laws that are comparable to a child shouting about a supershield that blocks anything.

      Immediate example: The key distributes itself (perhaps via deadman) to a random, unknown recipient o

      • by MrDoh! ( 71235 ) on Monday March 20, 2017 @05:48PM (#54078071) Homepage Journal
        That was how the UK version of this law was made to look silly (even though it later passed of course).

        An admission of a crime was made, written up, encrypted, and put on a USB(CD maybe) and sent to the Home Secretary. The police were then contacted and informed that the Home Secretary has, in his possession, an admission of a crime that requires a custodial sentence.
        Technically, that he never had the keys to unlock it was irrelevant. He had an item that was an admission of a crime, he was duty bound to hand it over and unlock it, even though there's no way on earth he could. But the way the law was written, he was the one in trouble.

        If this is allowed to stand, we now have the way for someone/anyone to send you an encrypted file (email/cookies), that will then get you found in contempt of court as you are unable to prove you can't unlock it.

    • They had evidence and testimony that he had downloaded and viewed the material and also that he had transfered it to the encrypted storage. They just didn't have access to the encrypted storage to show what was still there. The defendant made no effort to refute any of that which is why producing the password is considered non-testimonial.

    • by tsqr ( 808554 )

      This amounts to "We know you're guilty even though we can't prove it so we're not going to bother with proof", and worse, they're using that to apply a potentially unlimited sentence.

      Well, the forensic analysis of his laptop (whose encryption the authorities managed to break themselves) showed that he visited known child exploitation sites and downloaded "thousands of files with the same hash values as known child pornography files." (quote from TFA). The downloaded files weren't on the laptop, so they're assumed to be on the encrypted external drives. Also from TFA: "Authorities in Delaware investigating the case already had a sense of the contents of the drives because, according to c

      • Either they need the drive or they don't.

        If they need it... tough! (or at least it should be) - because they can't prove he hasn't genuinely forgotten the password.

        If they don't need it, the contempt charge is a disgusting act by the legal system to ignore its internal checks and balances. Just finish the trial with the evidence you have, get the conviction, and apply an appropriate sentence.

  • While I have less than zero sympathy for child pornographers, what about the 5th amendment? I thought it was to EXPLICITLY prevent the courts from obliging you to give information that may incriminate you.

    Also isn't the onus on the court to prove you're definately guilty before punishing you? I think its more than reasonable that someone could honestly forget their password, especially in a stressful situation such as a trial.

     

    • I thought it was to EXPLICITLY prevent the courts from obliging you to give information that may incriminate you.

      The password (like a key to a safe) itself isn't self-incriminating, even if the thing it's protecting may be.

      • by JustNiz ( 692889 )

        So if you make the password itself something that would be incriminating, you could legitimately withhold it?

      • The password (like a key to a safe) ...

        I think you mean "like a combination to a safe". Passwords aren't like physical keys—they're something you know, not something you have. And unlike physical keys, which can be seized with a warrant, there is no precedent for requiring a suspect to divulge the code to a combination lock.

    • the fifth amendment is so the cops can't torture you to force you to confess like used to happen in Europe around the time it was written. I read an interesting book one time how they used to put you on the rack and break your bones until you confessed or they were sure you really didn't do it.

      the concept that the police can collect evidence and you have to give up evidence of your guilt has been around for a long time cause justice trumps your right to break the law

    • by v1 ( 525388 )

      This is a case of secured evidence, not self-incrimination. If you have a locked safe that you won't give the combo to, they have the legal authority to break into your safe (and not compensate you for it), this is just an issue of where they are authorized to use force, but don't have sufficient force. (and this does indeed piss off the law / govt when it happens, they fancy themselves omnipotent and take enormous offense when proven otherwise)

      It really comes down to more of a case of getting the book thr

    • by Marc_Hawke ( 130338 ) on Monday March 20, 2017 @04:57PM (#54077643)

      The Courts (and Law Enforcement) have gotten really lazy, and it's confusing to me why they don't see it.

      During the San Bernardino iPhone stuff and other such stories, there were so many 'seemingly intelligent' people saying how encryption shouldn't be allowed because it made law enforcement difficult. Since when has it been easy? Wearing gloves makes it hard to pickup fingerprints. Should you outlaw gloves as well? However, these people are saying, "You should be forced to live in a way that makes it simple for us to track you all the time." "Papers Please!"*

      Two statements:
      "As more and more people are using encryption these days it's much more difficult for us to obtain evidence." - legitimate
      "As it impedes our abilities to gather evidence encryption in consumer devices should be restricted or should include a law enforcement backdoor." - completely not legitimate

      *(Actually with the 'papers please' that's more about proving you're allowed to be there, rather than checking to see if you shouldn't be there. So it really doesn't apply to the situation.)

    • Well the password itself isn't incriminating. Its just a string of gibberish characters. So he can be compelled to provide it. Now what it unlocks may be incriminating. But since the password is a key to a door and the evidence is on the other side of the door the key and the evidence are not the same thing. That line of separation means that the 5th doesn't apply to passwords.

      And when a judge orders you to do something in a trial, such as provide a password to your drive, and you decline, that's contemp
      • by JustNiz ( 692889 )

        So you're telling me that the Judge has power to order you to do literally anything during a trial? such as stick a knife in yourself or someone else? and if you refuse you are now in contempt and can go to prison for ever?

        • Well they are limited by the law. For the most part they can only order stuff that relates to the matter at hand. And the power to actually enforce their orders is in the hands of the executive branch, people who do not work for or answer to the judges. This is intentional, and for this very reason. This is also what the appeals process is for. A higher court can always throw out some crazy ruling by a lower court. But basically, yes. This is why appointments to federal judge positions are kind of a big dea
        • the Judge has power to order you to do literally anything during a trial? such as stick a knife in yourself or someone else?

          Yes, it happens all the time. Don't they have Fox News where you live?

    • a) Forensics had already proven that he had downloaded and viewed material and then transfered it to the encrypted storage and the defendant did not deny any of that, so the defendant is already incriminated.

      b) Being jailed for contempt is not punishment for the crime, it's a sanction for refusing to follow the court order to supply the password. It's not even considered a punishment per se so "cruel and unusual punishment" arguements, like against the solitary confinement here, are hard to make.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Monday March 20, 2017 @04:30PM (#54077389)
    Comment removed based on user account deletion
  • In fairness (Score:5, Insightful)

    by HeckRuler ( 1369601 ) on Monday March 20, 2017 @04:30PM (#54077391)

    So when are the politicians going to be charged with contempt of court when they "do not recall"?

  • Contemptible. (Score:5, Insightful)

    by msauve ( 701917 ) on Monday March 20, 2017 @04:38PM (#54077463)
    I agree, it's contempt of court. As well it should be, since the court is contemptible. The right against self-incrimination is absolute - you don't have to testify against yourself, you don't have to unlock that (combination) safe, you don't have to decrypt files. You have the right to remain silent.

    That is, unless it's the physical key to a safe, or some hardware encryption key. That's physical, and subject to seizure. But a combination or encryption password is a product of the mind, and forcing it out is forcing self-incrimination.

    Sure, law enforcement has a right, with the proper warrant, to break into the safe or attempt to decrypt the contents themselves, but failing that, they're simply SOL.
    • by guruevi ( 827432 )

      Although the SCOTUS agrees with you, there hasn't been any legally binding decision made surrounding these issues, lower courts have typically established that providing some assistance to your own conviction is acceptable.

      The 'true' solution would be to create a password/passphrase that requires you to actively participate with your mind. Eg. - I can only unlock this password by doing some sort of obstacle course with each stop providing me parts of the passwords.

  • Destroy code? (Score:4, Interesting)

    by PCM2 ( 4486 ) on Monday March 20, 2017 @04:44PM (#54077511) Homepage

    Seems like encryption systems need to have two passwords; one that decrypts the volume and another that wipes the keys and images a fresh filesystem. When they compel you to enter your password, you enter the "destroy code."

    Sure, you could be charged with tampering with evidence if they realized what you'd done. But maybe that would be preferable to indefinite incarceration for contempt of court.

    • Probably the best solution.

      But, could you really be charged with evidence tampering if the prosecution can't prove beforehand there was evidence there in the first place?

      I suspect it would be a long and expensive process to find out what the final outcome would be.

      • Re:Destroy code? (Score:5, Insightful)

        by Kardos ( 1348077 ) on Monday March 20, 2017 @04:53PM (#54077607)

        No, it is not even fantasy to have a "destroy everything" password. Even a rookie investigator knows to make a copy first. If you provide self-destruct keys it'll be blatantly obvious.

        • Re:Destroy code? (Score:5, Interesting)

          by silas_moeckel ( 234313 ) <silasNO@SPAMdsminc-corp.com> on Monday March 20, 2017 @05:08PM (#54077753) Homepage

          This is very hardware dependent. Plenty of systems out there that require a passkey to unlock but nuke themselves with a few bad tries. They are not clonable (unless you're the NSA and even then some go to lengths to prevent chip lapping and other methods from working). In essence it's a small computer that you can not practically copy with a hardened interface that stores the actual decryption keys.

          Even the TPM chips tied to hard drives should support that.

    • by haruchai ( 17472 )

      Seems like encryption systems need to have two passwords; one that decrypts the volume and another that wipes the keys and images a fresh filesystem. When they compel you to enter your password, you enter the "destroy code."

      Sure, you could be charged with tampering with evidence if they realized what you'd done. But maybe that would be preferable to indefinite incarceration for contempt of court.

      I doubt that would work in this case as I'm sure LEO images the media and tries to decrypt the images.

      • I doubt that would work in this case as I'm sure LEO images the media and tries to decrypt the images.

        You don't wipe the drive itself, you wipe the key stored in the TPM or equivalent (which is tamper-resistant and not easily cloneable). Even with the master password, no one can decrypt the contents of the drive without the active participation of the original TPM. An image of the encrypted drive will not help at all if the TPM can be persuaded to delete the sole copy of the decryption key, for example by providing it with a duress password.

    • I think forensic analysts will mount your disks in read only before mucking with them.

      A better solution would probably be to have a password that decrypts only part of the drive which contains decoy data.

    • Rather than destroy the contents it would be better to have a separate code that will show photos and videos of granny's 100th birthday.

      "Sir, why did you use password protection for such a purpose?"

      "Why wouldn't I use it to protect my memories of my G'Ma?"

    • by AmiMoJo ( 196126 )

      The first thing try do when they take your computer is make forensic copies of all storage media.

    • I think a time bomb would be better. An internal clock will count down 1 week, and if no key is given in that time it wipes the decryption key. The courts should be held up long enough to permit this too occur, if not you can reduce the time.

  • Secret courts can pry my encryption keys out of my cold dead American hands!

  • by evolutionary ( 933064 ) on Monday March 20, 2017 @04:54PM (#54077613)
    The government has been violating the constitution in spirit and word for so long that nobody seems phased by this sort of nonsense. It sadly gives weight to Trump's phrase "so-called judge": Forcing anyone to incriminate themselves by compelling them to give information in their mind is blatant violation of the 5th amendment. It's upon burden of prosecution to provide evidence BEFORE trial, not compel someone being tried to give evidence during the trial. As has be proven many times, there are a various number of ways investigators can get around encryption with a little planning (the was that guy running the drug trading service from a library I remember, they did it smart and the charged individual was a bit smug/laid back). If you can't prosecute with out that data, it shouldn't have been brought to trial. and if you have proper evidence already, don't need anyone's password. It's creating a culture where proper policework is not done, but prosecution says "to blazes with proper evidence, we'll use circumstantial evidence and wing it in court because it's convenience to try to compel someone being tried to waive their 5th amendment rights. you give us everything we need to prosecute you, or we'll lock you up for contempt charges. That's just wrong. And given the huge data dragnet we already have controlled by the CIA (another unconstitutional program confirmed by the courts). they have other tools (even if unconstitutional less so) for using data in a court case. Putin claims our system is no better than Russia, and if we keep violating our supposedly most precious standards like this, we'll prove him right.
  • by Jody Bruchon ( 3404363 ) on Monday March 20, 2017 @04:55PM (#54077631)
    There is precedent for this when the defendant has already decrypted the drive for authorities and then refuses to do so for the court. In that case, the contents are considered a "foregone conclusion" and there is no question that the defendant both acknowledges the encrypted volume and knows the key to decrypt it. This is a reasonable balance against Fifth Amendment protections.

    If he has not ever revealed the password to authorities, the Constitution absolutely prohibits this action by the court. A man cannot be compelled to self-incriminate, the court may not presume guilt (innocent until proven guilty), and the court can only establish guilt through due process of law (everything from investigation to conviction) and with equal protection under the law (the law is applied the same way to everyone). This ruling blatantly violates most of these basic rights if the contents of the drive are not a "foregone conclusion."
    • A man cannot be compelled to self-incriminate

      Sure they can. Do this field sobriety/breathalyzer/blood test combo. Oh, you refuse? Don't worry, we'll use that as evidence against you in a criminal case because you broke a civil law!

      It is not different here. They are nailing the dude for contempt, not for not testifying against himself. There are always ways around that bush

      the court may not presume guilt (innocent until proven guilty), and the court can only establish guilt through due process of law (
      • by Jody Bruchon ( 3404363 ) on Monday March 20, 2017 @05:33PM (#54077967)
        They can't criminally charge you for not taking the sobriety field test. They can and will take your license away. That's not a criminal process, it's a regulatory one. Different states may have different variations but the song generally remains the same. Driving is legally considered a privilege, not a right. It isn't the same thing.

        I agree with your second part. Civil asset forfeiture is a blatantly unconstitutional thing that is constantly abused. It's still not a constitutional action, but the guys with the guns make the rules in the end.
    • by Anubis IV ( 1279820 ) on Monday March 20, 2017 @05:36PM (#54077985)

      Ruling that it's a "foregone conclusion" is exactly what happened here, but for different reasons.

      While the defendant hadn't provided the Mac Pro and hard drive passwords previously, the investigators managed to figure out the password to his Mac Pro and were able to use that access to determine that it had been used to visit child porn sites and download thousands of files that matched the hashes for recognized child porn files. Those files weren't found on the Mac Pro, but the defendant's sister testified "that Doe had shown her hundreds of images of child pornography on the encrypted external hard drives". Between the download history, hash matches, and testimony about the location of the files, the judge ruled that it's a foregone conclusion that the drives contain child porn and that turning over the password is not testimonial in nature as a result.

      I'm not sure that I necessarily agree with that assessment (it could be that providing the passwords is still testimonial in nature with regards to crimes they don't know about that his knowledge of the passwords would implicate him of), and the article points out that it's likely this case will go all the way to the Supreme Court.

  • Why not just subject him to water boarding and other forms of "enhanced interrogation" techniques? At this point, what does it even matter? If we are so willing to break some of the most fundamental rights owned by our society, then what does the rest of it matter? You can argue day and night about whether there is still logic to the 2nd amendment; and lets be real, the logic falters when you exercise that right against a military as heavily funded as in the US. However, the existence of the 5th amendment i
  • by tinkerton ( 199273 ) on Monday March 20, 2017 @05:06PM (#54077729)

    My password is "sorry I've forgotten my password". They won't be able to claim I didn't tell em!

  • I can relate (Score:4, Insightful)

    by AaronW ( 33736 ) on Monday March 20, 2017 @05:40PM (#54078015) Homepage

    I had a couple of encrypted partitions on my Linux setup that I rarely accessed that became inaccessible after a Linux update. In my case I did remember the password but Linux would not accept it. I eventually reformatted it and restored the data from a backup.

    Any time you are arrested you should always choose to remain silent and request an attorney even if you are innocent [crammlawfirm.com].

Real Programmers think better when playing Adventure or Rogue.

Working...