Judge orders defendant to decrypt PGP-protected laptop

John Gilmore gnu at toad.com
Tue Mar 3 20:05:32 EST 2009 

> I would not read too much into this ruling -- I think that this is a
> special situation, and does not address the more important general
> issue.  
> In other cases, where alternative evidence is not available to the
> government, and where government agents have not already had a look at
> the contents, the facts (and hence perhaps the ruling) would be
> different.

Balls.  This is a straight end-run attempt around the Fifth Amendment.
The cops initially demanded a court order making him reveal his
password -- then modified their stance on appeal after they lost.  So
he can't be forced to reveal it, but "on a technicality" he can be
forced to produce the same effect as revealing it?  Just how broad is
this technicality, and how does it get to override a personal
constitutional right?

If the cops bust down your door and you foolishly left your computer
turned on, are they entitled to make you reveal your encryption
passwords anytime later, because your encrypted drive was accessible
when they ran in screaming at your family and shooting your dog?
Suppose they looked it over and typed a few things to the screen?
Suppose they didn't?  Suppose they used a fancy power-transfer plug to
keep it running as they walked it out the door, but they tripped and
dropped it and it powered off?  That's a technicality, isn't it?

Don't forget, this is a nuisance case.  It's about a harmless Canadian
citizen who's a permanent US resident, who crossed the Canadian border
with his laptop.  A guy smart enough to encrypt his drive.  On the
drive, among other things, was a few thousand porn images downloaded
from the net.  Legal porn.  The border guards, who had no business
even looking at his laptop's contents, trolled around in it until they
found some tiny fraction of the images that (they allege) contained
underage models.  (How would *he* know the ages of the models in
random online porn?  Guess he'd better just store no porn at all,
whether or not porn is legal.  That's the effect that the bluenoses
who passed the "child porn" laws want, after all.)  That's the "crime"
being prosecuted here.  This isn't the Four Horsemen's
torture-the-terrorist-for-the-password hostage situation where lives
are at stake and the seconds are ticking away.  This is a pointless
search containing the only evidence of a meaningless censorship
non-crime.  If the feds can force you to reveal your password in this
hick sideshow, they can force it anytime.

Suppose the guy had powered off his laptop rather than merely
foolishly suspending it.  If the border guards had DRAM key recovery
tools that could find a key in the powered-down RAM, but then lost
the key or it stopped working, would you think he should later be
forced to reveal his password?

Suppose they merely possessed DRAM key recovery software, but never
deployed it?  Hey, we claim that you crossed the border with that key
in decaying RAM; fork over that password, buddy!

Don't give them an inch, they'll take a mile.  Drug users can now not
safely own guns, despite the Second Amendment.  Not even guns locked
in safes in outbuildings, because the law passed against "using a gun
in a drug crime" has been expanded by cops and judges to penalize
"having a gun anywhere on the property even though it was never
touched", and even when the only drug crime was simple possession.
Five year mandatory minimum sentence enhancement.  (Don't expect NRA
to help -- their motto is "screw the criminals, leave us honest people
alone".  That's no good when everybody's a criminal, especially the
honest people like this guy, who had nothing to hide from the border
guards and helped them search his laptop.)

> 	Sessions wrote: "Boucher's act of producing an unencrypted
> 	version of the Z drive..."

There is no such document as "an unencrypted version of the Z drive".
It does not exist.  It has never existed.  One could in theory be
created, but that would be the creation of a new document, not the
production of an existing one.  The existing one is encrypted, and
the feds already have it.

I'm still trying to figure out what the feds want in this case if the
guy complies.  They'll have a border guard testify that he saw a
picture with a young teen in it?  They'll show the jury a picture of a
young teen, but won't "authenticate" it as a picture that came off the
hard drive?  It can just be any random picture of a young teen, that
could've come from anywhere?  How will that contribute to prosecuting
this guy for child porn?

Maybe they're just bored from training themselves by viewing official
federal child porn images (that we're not allowed to see), or
endlessly searching gigabytes of useless stuff on laptops.  Instead
they want the thrill of setting a precedent that citizens have no
right to privacy in their encrypted hard drives.  Let's not help them
by declaring this guy's rights forfeit on a technicality.

	John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list