Judge orders defendant to decrypt PGP-protected laptop

Perry E. Metzger perry at piermont.com
Tue Mar 3 18:38:45 EST 2009 

Ivan Krstić <krstic at solarsail.hcs.harvard.edu> writes:
> On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote:
>> If it is obvious to you and me that a disk has multiple
>> encrypted views, then you can't expect that a court will not be able
>> to understand this and take appropriate action, like putting you in a
>> cage.
>
> Why do you think it'd be obvious to you and me that a disk has
> multiple encrypted views? Contempt carries a burden of proof. If the
> guy has two encrypted volumes, one with a bunch of hardcore adult porn
> and the other with a bunch of kiddie porn, how does his unlocking the
> first one give you a 'preponderance of evidence' that he's obstructing
> justice or disobeying the court? It becomes a he-said-she-said with
> the CBP agent, your word against his.

Again, you seem to be operating under the common geek misperception
that courts operate like Turing machines, precisely and literally
executing precisely defined legal concepts.

They do not work that way.

Courts work much more the way the high school vice principal who put
you on detention for three weeks for throwing a snowball worked --
even though he didn't see you throw one, he just saw you were the only
person in the general vicinity, even though it was all patently unfair
since he had no "proof" by your lights.

The law's idea of what sufficient evidence means is not what you, as a
geek, think sufficient evidence means. For example, perhaps to you,
"beyond a reasonable doubt" means something like "there is no way you
couldn't be guilty", while to a court it means nothing like that -- it
means that an ordinary person (that is, not a geek, not a professional
defense attorney, not a mystery novel addict) wouldn't have serious
doubts about guilt. Not no doubts -- just no serious ones.

The law is used to people trying to weasel out of trouble -- people
have been trying to weasel out of trouble since the year 100,000
BC. Criminals were trying far more elaborate schemes to get out from
under trouble than you will ever think of back in ancient
Mesopotamia. You're not going to find something new that impresses a
real court.

Take a real common case. Someone is mugged by two people. One of them
shoots the victim and neither will say which of them did it. You, the
geek who thinks the law is a Turing machine, assume that neither can
go to jail for murder. "In the case of each criminal", you assume,
"there is a reasonable doubt as to whether or not the other guy did
it. 50/50 is a way reasonable doubt!"

Well, that's not how the real legal system works. In the real legal
system, the court will happily put both people in jail for murder even
though there is only one bullet in the victim so only one person could
have pulled the trigger. That's routine, in fact, never mind how
"unfair" that seems to you. (The charge of felony murder exists
precisely so that they don't need to know who pulled the
trigger. As I said, they're used to people trying to weasel out of
trouble.)

"But but!" you scream, "there has to be a reasonable doubt there! Only
one of them could have done it, clearly one person is in jail
unfairly, they both have to go free!" -- well, that's the difference
between you and a lawyer. The lawyer doesn't see this as
unreasonable. The court system is not a Turing machine.

Back to our topic: if the software can handle multiple hidden
encrypted volumes and there is unaccounted for space and the volume
you decrypt for them has nothing but pictures of bunnies and sunsets
and hasn't been touched in a year, I think you're going to jail for
contempt if the judge has ordered you to fork over the files.

"But!!!" you insist, "they don't have proof that I'm doing something
qua proof, they just a strong suspicion! Why, it could be anything in
that giant pool of random bits on the rest of the drive! How do they
*know* it isn't just random bits? How do they *know* I don't just look
at bunnies and sunsets and haven't opened that partition in a year?"

You only think that will protect you because you don't understand the
legal system. You see, you're making this assumption that most people
would call "assuming the judge is an idiot".

Judges take a very dim view of people playing them for fools, just
like high school vice principals, and again, the legal system is not a
Turing machine. The judge's superiors on the appeals court will take a
similar view because they were once trial judges and don't like when
judges are played for fools either.

So, the court is not going to pay the least attention to your
elaborate claims that you just like storing the output of your random
number generator on a large chunk of your hard drive. They really
don't give a damn about claims like that. Actually they do
care. They'll be pissed off that you're wasting their time.

If you believe otherwise, go right ahead, but as I said, the jails are
filled with people who have tried very elaborate strategies for
avoiding prison only to discover courts don't care. The courts are
used to people not wanting to go to jail and arguing all sorts of
stuff. Believe the courts are Turing machines if you like, but I don't
think anyone *rational* should go on that assumption. A rational
person is not going to assume that they're going to get off based on
an elaborate technological attempt to confuse the court. They won't.


Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list