Encryption blurs admissible evidence in child porn case

[Zguy28]

Encryption blurs admissible evidence in child porn case

http://blogs.techrepublic.com.com/tech-news/?p=2052&tag=nl.e036

Sebastien Boucher was stopped at the United States - Canadian border on Dec. 17, 2006. At that time, agents inspecting his computer said that they found files containing child pornography. Boucher was promptly arrested, but when the authorities tried to access the files, they ran into the PGP encryption program.

Boucher, a 30-year-old drywall installer, is a Canadian with U.S. residency in New Hampshire where he works. When he was stopped, he assisted agents in the initial inspection, which revealed files with names such as “Two-year-old being raped during diaper change” and “pre-teen bondage.”

Boucher admitted to downloading pornographic images from the Internet through a news board but stated that he unknowingly downloaded images of child pornography. He claimed that he deleted images of child pornography when he realized it, according to an affidavit filed by Immigration and Customs Enforcement.

According to federal Magistrate Jerome Niedermeier on Nov 29, 2007, “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop. The password is not a physical thing. If Boucher knows the password, it only exists in his mind.”

On the face of it, this case is simple — a person trying to carry pornographic images of children across an international border. The catch is whether the courts can compel him to voluntarily abandon his rights under the Fifth Amendment.

From the Globe and Mail:

Orin Kerr, a law professor and computer crime expert at George Washington University, said the distinction that favours the government in Boucher’s case is that he initially co-operated and let the agent look at some of the laptop’s contents.

“The government can’t make you give up your encryption password in most cases. But if you tell them you have a password and that it unlocks that computer, then at that point you no longer have the privilege,” he said.

Tien, the attorney with the Electronic Frontier Foundation, said a person’s right to keep a password secret is a linchpin of the digital age.

Encryption is “really the only way you can secure information against prying eyes,” he said. “If it’s too easy to compel people to produce their crypto keys, it’s not much of a protection.”

Another point to consider is that if Magistrate Niedermeier’s ruling is allowed to stand, the result could be “dangerous” for law enforcement. According to Mark Rasch, a privacy and technology expert with FTI Consulting and former federal prosecutor, “If it stands, it means that if you encrypt your documents, the government cannot force you to decrypt them. So you’re going to see drug dealers and pedophiles encrypting their documents, secure in the knowledge that the police can’t get at them.”

At the end of the day, we have to consider some truly gripping questions. First, we have to recognize that the rule of law is the rule of law for all. If you fall into U.S. jurisdiction, you are subject to whatever ruling is mandated as “law” on this question.

If we say that by encrypting the files, the individual had a reason to believe that the information should be private, is it okay to say that when the individual is a suspected terrorist? Or pornographer? Or senior business official? Is one better than another?

If we decide that a person’s Fifth Amendment rights are inconsequential, are they always inconsequential? Are we then compelled to self-implicate? Where does the Fifth fit in?

This brings us to some crucial underlying questions — Where is the line, and HOW do we draw it? Or is the question HOW do we define the line? Can law truly BE case-by-case?

While the first person to test existing law has an unsavory rationale, I have to ask- would you care more if the files under fire were private business documents? Would you feel differently if they were personal documents between you and your significant other? Would you feel differently if they were personal documents between you and your terrorist cell?

How do you think these documents should be handled? Because of their very nature, it seems as if each incident should be considered on its own merits, but how do we define the supporting law?

This isn’t about one guy with questionable content on his laptop. It is much deeper, and the impacts of the answers are far-reaching.

Can you excuse pornography, even child pornography, to keep your business safe? How about your country? How do we define the boundaries, and what is our message to the law makers? How about to law breakers?

More information:

In Child Porn Case, a Digital Dilemma (Washington Post)

Child-porn case hinges on laptop’s password (Orlando Sentinel)

Encrypted laptop poses privacy dilemma (CIO Today)

[Teller]

“The government can’t make you give up your encryption password in most cases. But if you tell them you have a password and that it unlocks that computer' date=' then at that point you no longer have the privilege,” he said.[/quote']

WTF???

Look, I hate kiddie porn and the dirtbags who partake in it as much as anyone else, but this seems kind of ridiculous to me. (And I say that as a former police officer, and someone who errs, admittedly, on the side of law enforcement in most cases.)

Most people know that you have a right to tell an officer, "No, you can't search my vehicle." How many of us knew about the handy little qualifier in this case? I sure as hell didn't.

And let's say this guy DID know about this situation. Suppose he says, "Um, no you can't have my password." OR "My computer doesn't have a password." Do you think he gets into this country? Not a chance in hell. (And how hard is it to figure out whether or not a computer has a password lock? It's pretty obvious when you get prompted for it. And if you said you DIDN'T have a password, now you've provided false information to a federal officer. Lovely.)

Like I said, I generally err on the side of the law and it's enforcement. But this catch-22 inevitably leads to unreasonable searches, and NONE of us can afford to stand for that.

[Larry]

I'm a big defender of restrictions on government powers.

But even I will admit that people, when crossing international borders, have diminished expectations of privacy.

People crossing borders, for example, don't have the right to refuse to open their suitcase.

[Fergasun]

Larry,

But why does the government need to search your hard-drive? Does that mean if I am involved in a traffic stop and my laptop is in the car that they can search my laptop? The government would like to say yes, but what is the purpose of these searches?

Your briefcase can hold a limited amount of documents, but your laptop could hold documents that are 20-30 years old. I thought the Supreme Court upheld that he doesn't have to give out his encryption key.

But don't worry, first they take away the rights of terrorists, then they take away the rights of pedophiles, then drug offenders... etc. I'm not even convinced that possessing child pornography should be a crime anymore than possessing goat-sex pornography (making child pornography absolutely different).

[Larry]

Larry,

But why does the government need to search your hard-drive? Does that mean if I am involved in a traffic stop and my laptop is in the car that they can search my laptop?

They can't search your car in that case, either. (They can look at whatever they can see through the windows, but that's it.)

To go further, they need your permission, or a warrant. (Although I understand they do have some tricks they can use to get a warrant. But that's another matter.)

-----

Now, yeah, I do have a bit of a problem with the government's right to check for people smuggling information.

Yeah, I have a problem with the government demanding passwords at the border. But it's not a BIG problem to me, simply because I can't think of a good reason why your laptop is entitled to more privacy than your other luggage.

[Fergasun]

Yeah, I have a problem with the government demanding passwords at the border. But it's not a BIG problem to me, simply because I can't think of a good reason why your laptop is entitled to more privacy than your other luggage.

Because it potentially can hold more data. If they search your breifcase there is a finite amount of information they can find. But a digital device holding 100+ Gigabytes of data could have so much information. I thought the purpose of searches was to make sure you don't post an imminent threat?

[Larry]

Because it potentially can hold more data. If they search your breifcase there is a finite amount of information they can find. But a digital device holding 100+ Gigabytes of data could have so much information. I thought the purpose of searches was to make sure you don't post an imminent threat?

So they should be allowed to search your briefcase, but not your roll-around footlocker, because the footlocker's bigger?

[Fergasun]

I don't know, but it seems like if they fish around your hard-drive there's some line being crossed. How long should a "reasonable search" take? I just think there's something wrong with them being able to search your laptop.

[Destino]

I don't think customs should be able to demand your encryption password. There is no telling what you have encrypted and frankly more often than not encryption is used for legal and professional reasons. Kiddie porn is likely not spread by carrying it around on a laptop being that I can't imagine a more dangerous way of doing it - if you are caught you are caught with it on your person.

Encryption, from my experience with it, is used for business communications that you obligated to keep secret. Most sign a contract to that effect.