MN: Encryption Software Evidence of Criminal Intent

Status
Not open for further replies.
Dave Markowitz

Dave Markowitz

Member
Joined
Dec 24, 2002
Messages
9,120
Location
SE PA
Apparently, a Minnesota appeals court thinks so. See http://news.com.com/2100-1030_3-5718978.html.

As with a lot of hard cases, the defendant in this case isn't especially sympathetic -- he's someone convicted of a child pornography charge. That said, let's step back for a second, especially in light of the fact that,

"The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault."

In other words, the the mere presence of encryption software -- in this instance PGP -- on a defendant's computer can be evidence of criminal intent. Wow.

As Declan McCullagh mentioned in the linked article, Mac OS X includes "FileVault," an encryption utility. Microsoft Windows 2000 and XP allow you to encrypt files. Various Linux distributions, such as SUSE, support CryptoFS. And of course there is a plethora of third-party encryption utilities like PGP and GNUPG. Now a court has said that having any one of these programs loaded on your computer can be used as evidence against you in a court of law.

How does this square with the Fourth Amendment right to be "secure in [one's] ... papers, and effects .." Or the Fifth Amendment's proscription against being compelled to bearing witness against oneself?

This court's line of reasoning can easily lead elsewhere. I wonder what other items the court might look at as evidence of intent. It's not too much of a stretch to see it used as another way to undermine the Second Amendment.
 
I've got several personal files encrypted on my home 'puter.

Good thing I'm not in Minnesota.

LawDog
 
Not to get this off topic. What are some good encryption softwares? Either free or purchase.


Back on topic. This is bad, so if you run a legal business, and encrypt your files, you are guilty of something? It would allow for PC. MORE gets piled on the Police State heap
 
Separate from this particular defendant: From what I'm reading, here and there, if you're involved in any controversy with the Feds--e.g., political activism of some sort that's non-PC--you better not have any files in your computer that relate to your activities.

Not only saved, but kept at a separate location. Ask Tim Sundles of Buffalo Bore Ammunition. He got caught up in a USF&WS witchhunt about wolves, and all his business records were taken. Cost him some $35,000.

Art
 
Vernal45, check out PGP and GNUPG . If you are using Windows 2000 or XP, or Mac OS-X, you already have the capability to encrypt files on your hard disk.

Art ... yup. :(
 
The way I read this was that in this particular instance, the presence of PGP on his computer was used evidence that he was trying to hide what he knew was a crime. Y'know ... mens rea and all that. Of course, they'd probably also have to prove that he used it to encrypt his child porn.

Then again, I could be wrong.
 
check out PGP and GNUPG . If you are using Windows 2000 or XP, or Mac OS-X, you already have the capability to encrypt files on your hard disk.
Click to expand...

Thanks. Will check those out, guess I am a computer dummy, did not know xp had encrypt programs, cant figure out how to use it, :D , but will keep trying.
 
Hey that guy has a safe, he must have ILLEGAL GUNS!

Same logic really. This court is foolish.
 
I agree with Cordex. I think they are helping to establish the fact that he knowingly had illegal material. To use a different example: If a person was arrested in a bank with a gun, ski mask, and a bag. It would be difficult for that person to argue that they just accidentally entered the bank with a gun because the ski mask and bag show intent. Having the bag and ski mask is not a crime but the possession of them in combination with a gun inside the bank establishes intent to commit a crime.
 
Vernal45,

If you use the 2000/XP's ability to encrypt files or folders be aware that if you use any method to reset your login password that does not require typing in the old password first - i.e., changing it from the Manage Users & Groups or by a third part program such as NTPassword, your access to those files will be gone and not recoverable by reasonable means.
 
Reading the article it says

"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
Click to expand...

That doesn't necessarily mean they're saying it constitutes criminal intent, merely that it is relevant to the case. If I'm charged with shooting someone my ownership of a gun doesn't constitute criminal intent but it is relevant to the case. Any of our resident lawyers want to weigh in on this?
 
I agree with Cordex. I think they are helping to establish the fact that he knowingly had illegal material.
Click to expand...

That's what they are using it for, but do we want to go down that road? The court did not find that the defendant had actually used the encryption software to protect any files on his PC. The mere presence of the software was allowed as evidence of criminal intent.

This is akin to allowing the fact that someone legally possessed a firearm during the commission of tax fraud to be used as evidence of criminal intent.
 
I would not trust Microsoft's encryption personally.

If you use PGP or GPG (free variant) be sure to use symmetric encryption with a strong password. I recommend 256-bit AES algorithm. Using the public key to encrypt personal files will not do you much good since the private key is sitting on the hard drive readily available to whomever has access to your computer.
 
The poiint is not wherther or not built in encryption is good enough, the point is that the lattest Windows and Mac OS's come with some sort of encryption built in, and having the encrypted files got him in some trouble.
 
Even if the files were kept off site (on a remote server), the encryption software would still have to be on the computer, right? Could both the files and the encryption software be kept on a plug in device? How would that work?
 
http://www.pgp.com/downloads/desktoptrial.html

PGP 9.0 "Desktop Trial" is what used to be known as PGP 8.0 Freeware. As part of the deal the new PGP company made with the company they bought the rights from, they have to offer a free version of PGP forever, but you'd have no idea of that going through their webpage. Basically, the trial gives you 30 days of all the bells and whistles, and then regular PGP for life. IIRC correctly, you lose the e-mail and IM plugins, but keep the ability to encrypt/sign/decrypt/verify files and text.

http://www.truecrypt.org/downloads.php

TrueCrypt 3.1a creates container files that can be mounted to look like a new hard drive in Explorer. Anything you save in these container files is encrypted--to make it so no one can access them, all you have to do is press a key combo to unmount the drive. (Drives are not mounted at bootup.) Popular commercial alternatives include PGPDisk and DriveCrypt.

http://www.stud.uni-hannover.de/~twoaday/winpt.html

WinPT (Windows Privacy Tray) is a PGP-like frontend for GnuPG. To install both at once, pick the option labelled "graphical installer with WinPT and GPG". I don't know what features GnuPG has compared to PGP, but it seems to be a very popular alternative.

And a quick reply to RileyMC - all you need from your PGP installation is your private keyring (public would be nice, too, but not necessary if you and your friends are good about sending those to the public keyservers.) The private keyring is well under a meg in size and could be easily transported on anything as archaic as an old floppy disk. As long as you have the private keyring, you can import it to any installation of a PGP compatible program and use your password to decrypt your files there.
 
But hey, so many people tell us that we're not on the way to a police state, so we shouldn't worry about this, right? :fire:

We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.

Randall favorably cited testimony given by retired police officer Brooke Schaub, who prepared a computer forensics report--called an EnCase Report--for the prosecution. Schaub testified that PGP "can basically encrypt any file" and "other than the National Security Agency," nobody could break it.
Click to expand...

By this logic, if I'm running Windows 2000 or later, or Mac OS X, the fact that I have the capability to encrypt stuff on my computer and access to the Internet can be used against me as evidence if I should be accused of a crime--as long as it's "somewhat relevant". Even when there is evidence that I didn't use it in commission of the crime of which I stand accused. Now there's a nice squishy situation for you.

So by analogy, the fact that I own a gun and ammunition--not that I have used it, remember--those facts alone could be used against me in court if they were "somewhat relevant" to the crime I'm accused of.

The crime isn't child pornography, it's oh, tax evasion or something similarly nonviolent. Hey' it's somewhat relevant! I was knowingly doing something illegal and I may have planned on using the gun on an investigator.

:what:
 
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
Click to expand...
and
Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
Click to expand...
Again ... he was not arrested and convicted for having PGP. It was presented as "somewhat relevant to the state's case." From there, the judge and jury had to make determinations as to whether or not it was - in fact - something worth giving consideration. I'm sure a decent defense would ask questions like:
"Were encrypted files located on the machine?"
"Do you have any evidence any such encrypted files located contained illicit materials?"
And so forth.
That wasn't enough to save him.

Assuming the nine-year-old girl was telling the truth, I'm not worried a bit since that's the evidence that really skewered him.
 
If a person was arrested in a bank with a gun, ski mask, and a bag. It would be difficult for that person to argue that they just accidentally entered the bank with a gun because the ski mask and bag show intent. Having the bag and ski mask is not a crime but the possession of them in combination with a gun inside the bank establishes intent to commit a crime.
Click to expand...

Um. Last winter, I went into my bank to cash a check. I had my ski mask in my jacket pocket, along with squished up shopping bag from a convenience store I had visited just prior. I also had a handgun concealed on my person. So I could've been charged with "intent?"

Those of you who want to trust encryption routines in commercial software: think carefully about it. I'm not a tinfoil hat person, but I'm paranoid enough not to fully trust encryption software if I can't view its source code. I wouldn't be at all surprised if .gov had backdoors to the encryption routines used by Windows and OS X. A backdoor in PGP would surprise me. However, OpenPGP, Linux, FreeBSD - all of these have openly auditable source code available.

Based on the girl's testimony, this guy should spend a nice long time in prison. I don't have any sympathy for him. But to consider the presence of encryption software alone as proof of intent to commit a crime seems ridiculous. There are other, perfectly reasonable legal uses for the software, even for a scumball child pornographer.
 
Status
Not open for further replies.

Similar threads

A
  • Locked
one would think that FBI would show greater care, wouldn't one?
Replies
5
Views
555
SKN
S
P
  • Locked
Happy Independence Day ...
2
Replies
35
Views
1K
roo_ster
roo_ster
W
  • Locked
The Three Steps In Heller vs D.C:SCOTUS'S Crucial Answers
Replies
0
Views
370
Winchester 73
W
H
  • Locked
FBI taps turned-off cellphones (aka "roving bug").
2 3
Replies
55
Views
7K
SalTx
S
Mainsail
  • Locked
WA Supreme Court & Weapons Enhancements
Replies
1
Views
562
Mainsail
Mainsail
Back
Top