<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Apr 28, 2016 at 12:25 PM, grarpamp <span dir="ltr"><<a href="mailto:grarpamp@gmail.com" target="_blank">grarpamp@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="https://yro.slashdot.org/story/16/04/27/2357253/child-porn-suspect-jailed-indefinitely-for-refusing-to-decrypt-hard-drives" rel="noreferrer" target="_blank">https://yro.slashdot.org/story/16/04/27/2357253/child-porn-suspect-jailed-indefinitely-for-refusing-to-decrypt-hard-drives</a><br>
<a href="http://thehackernews.com/2016/04/decrypt-hard-drive.html" rel="noreferrer" target="_blank">http://thehackernews.com/2016/04/decrypt-hard-drive.html</a><br>
<a href="https://www.scribd.com/doc/310741233/Francis-Rawls-Case" rel="noreferrer" target="_blank">https://www.scribd.com/doc/310741233/Francis-Rawls-Case</a><br>
<a href="http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/" rel="noreferrer" target="_blank">http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/</a><br>
<br>
Amici Curiae by EFF and ACLU<br>
<br>
A Philadelphia man suspected of possessing child pornography has been in<br>
jail for seven months and counting after being found in contempt of a court<br>
order demanding that he decrypt two password-protected hard drives. The<br>
suspect, a former Philadelphia Police Department sergeant, has not been<br>
charged with any child porn crimes. Instead, he remains indefinitely<br>
imprisoned in Philadelphia's Federal Detention Center</blockquote><div><br></div><div>This seems ugly....<br>I would provide the key as requested and when the files fail to decode there is </div><div>proof that the device was corrupted while in custody.<br><br>Many devices are encrypted with generated very strong keys</div><div>that are never exposed to the user. Access to the strong key is via </div><div>a passphrase to unlock tools for the device. Single bit errors can</div><div>render data on an encrypted device worthless (impossible to recover).</div><div><br>There seems to be a line between what you are and have vs. what you know.<br>It gets interesting when they demand testimony on someone else and</div><div>assert that "Self Incrimination" is not involved.</div><div><br></div><div>I know that I have forgotten passwords and lost key pairs. <br>Multiple individuals in multiple generations of my family tree have passed from Alzheimer's.<br>I have used encryption but never recorded the key on devices I wish to discard because</div><div>there was some risk of latent company confidential data that I do/did not own on the device. </div><div>I know that I have changed passwords over time and abandoned accounts that I have no</div><div>way to recover... </div><div>Passwords I have used and now believe to be invalid in my history: </div><div> 1234567890 <br> !@#$%^&*()_ <br> PassWord</div><div> PassWordWithSalt</div><div><br></div><div>I also know that many systems running on encrypted filesystems have</div><div>been hacked by external agents. While running these systems allow</div><div>interlopers to drop files on the system perhaps to be recovered later </div><div>and used in a future prosecution. Home computers are especially </div><div>vulnerable to external attacks. Larger systems also have flaws as </div><div>we are seeing with ransomware on some famous hospital systems</div><div>(HIPPA demands security and some US states demand encryption).<br><br><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div> </div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>