| Submit your comments on this article |
| Home Front: Tech |
| Minnesota: Encryption Software Is Evidence Of Criminal Intent |
| 2005-05-26 |
| A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of taking illegal photographs of a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict. "We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3. Randall favorably cited testimony given by retired police officer Brooke Schaub, who prepared a computer forensics report--called an EnCase Report--for the prosecution. Schaub testified that PGP "can basically encrypt any file" and "other than the National Security Agency," nobody could break it. The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault. Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser. Judge Thomas Bibus had convicted Levie of two counts of attempted use of a minor in a sexual performance and two counts of solicitation of a child to engage in sexual conduct. The appeals court reversed the two convictions for attempted use of a minor, upheld the two solicitation convictions, and sent the case back to Bibus for a new sentence. So the standard for legal encryption would be security so poor that any local police department could break it? |
| Posted by:Anonymoose |
| #13 ...a lawyer can argue chain of custody: the drive is part of the compuyter and removing the drive constitutes evidence tampering by the prosecution. Nope. As long as the drive is pulled officially, and logged as evidence, it can then be bitwise-copied without disturbing anything. Perfectly legal, happens all the time. |
| Posted by: mojo 2005-05-26 17:12 |
| #12 Good point, Xbalanke ... And I should point out that any piling-on of evidence against a kiddie-pr0nner is fine by me ... |
| Posted by: ExtremeModerate 2005-05-26 14:35 |
| #11 I gave out bad information. Sorry. The only thing the shell script will do is to make files harder to delete. It won't protect the file from being viewed at all. setting the directory and its contents to 0000 will make it hard for all but root to access the file, but as JFM said, removing the harddrive and attaching it to another computer may defeat that precaution. |
| Posted by: badanov 2005-05-26 12:34 |
| #10 PGP is available for free for personal use, at least for some older operating systems: http://web.mit.edu/network/pgp.html |
| Posted by: Tom 2005-05-26 12:03 |
| #9 I fully agree that the possession and use of encryption software by itself cannot be evidence of criminal intent, but in conjunction with evidence of real criminal activity it can be taken into account. For example: I was on a jury on a drug trafficking case. The guy was caught with lots of heroin (1/2 lb.) and some cocaine. Entered into evidence to bolster the Trafficking angle (as opposed to simple possession with intent to distribute) were many items that in isolation are not illegal to possess. These included thousands of mini plastic baggies and labels, and various cutting agents. The mere possession of these items was not illegal but was evidentiary regarding criminal intent. I'm no lawyer, and I don't play one online - I'm just throwing this out as another perspective on this case. Just some food for thought... |
| Posted by: Xbalanke 2005-05-26 11:38 |
| #8 This is a nice example of people not "getting it" when it comes to the new tech (and it's not even that new, now is it?) ... I've written a couple of my own mini-tools for encrypting and packing data files into a single file, intended to be used as a computer game's resource file ... I still have those tools, along with several encrypted/packed files, on my computer ... and I live in Minnesota. I think I better get a lawyer before I say any more ... :-/ ;-D |
| Posted by: ExtremeModerate 2005-05-26 10:45 |
| #7 I once took a class on cryptology, which taught me how to hand-create and crack letters and such with all kinds of ciphers from the caesar cipher to PGP and RSA. am I a criminal now? |
| Posted by: Miss Gunn 2005-05-26 10:19 |
| #6 Then there's Windows Encrypted Filesystem.... Encryption is used to store passwords.... (you know this makes the Minnisota Appeals Court judges all PEDOPHILES!) Banks use encryption routinely for transmission of financial information... Medical inforation... VPN.... The list goes on and on and on and on.... |
| Posted by: CrazyFool 2005-05-26 09:58 |
| #5 Yes, God can do that, but then a lawyer can argue chain of custody: the drive is part of the compuyter and removing the drive constitutes evidence tampering by the prosecution. |
| Posted by: badanov 2005-05-26 09:55 |
| #4 Badanov God can remove your hard disk, put it on a computer where he is root, read the files and then put the disk where it was. I will not mention tricks like booting single user because I suppose you have a Grub plus boot passwords. |
| Posted by: JFM 2005-05-26 09:46 |
| #3 Additional comment: This ruling is in direct violation of the 1st Amendment. I can see if the cops found evidence that the encryption program was used to hide the crime, but mere evidence of it's existance? As can be shown above and by others, there are TONS of Unix programs/tools which can be used to prevent unauthorized access to files, the above example is but one way. (I use the above scheme, minus the 'a' switch, to protect maintencence scripts from myself on a Linux file server.) A smart lawyer can get this ruling overturned as it affects data security in a profouond way. |
| Posted by: badanov 2005-05-26 09:36 |
| #2 This isn't a form of encryption, so here goes: cd /affected/directory/ chattr +ai /affected/directory/ chattr +ai /affected/directory/* Set a 20 plus character root password, and not even God can see the files. Note this script should not be used with child pr0n. |
| Posted by: badanov 2005-05-26 09:30 |
| #1 Oh great - This is so stupid. This makes anyone who ever order anything on the inernet, anyone using online banking, anyone who logs onto hotmail a pedophile. They are use SSL which uses encryption.... |
| Posted by: CrazyFool 2005-05-26 09:17 |