1. 15
  1.  

  2. 6

    I saw this yesterday and spent some time thinking about strategies. Without the requirement to be an unbiased juror, I’m inclined to say that anybody willing to sit in jail for seven months is either hiding something bad, or seriously dedicated to principle. THe fact it’s a former cop makes the second possibility even more remarkable.

    Forcing him to reveal the password may be a 5th A violation. But then I thought (playing armchair lawyer), there’s also a kind of second order violation. If he chooses to remain in jail, doesn’t that leak information about how damning the contents are? That’s almost a form of testimony itself.

    What should someone do in these circumstances? I think I’d rather take my chances getting the evidence excluded after the fact, possibly on appeal, than fighting this order. Resist for two days, then argue it was a coerced confession.

    1. 23

      If he chooses to remain in jail, doesn’t that leak information about how damning the contents are? That’s almost a form of testimony itself.

      I can’t bring myself to think that an absence of evidence can be considered evidence. There are plenty of reasons to refuse decryption. One thing that has always troubled me in cases like this is what if you -cannot- decrypt it because you have forgotten the key, or some mechanism prevents using the key you do have?

      There’s also the tricky situation of the Supreme Court ruling that you cannot instruct a jury to infer guilt based on refusal to testify . People are free to draw their own inferences, I suppose, but that’s pretty shaky ground to base a serious criminal ruling on.

      1. 2

        I can’t bring myself to think that an absence of evidence can be considered evidence.

        Legally, I believe that it cannot and should not (in the US), but logically, absence of evidence is evidence (of absence).

        1. 2

          I’d be cautious with your last point, since it’s not correct in general. For example, let’s say I have the flu, but I take a test and it comes back negative. So then the “absence of evidence” (that I have the flu) is NOT “evidence of absence” (that I don’t have the flu). If the evidence in the first clause is not the same as the evidence in the second clause, then I guess it may still be logically correct.

      2. 14

        Without the requirement to be an unbiased juror, I’m inclined to say that anybody willing to sit in jail for seven months is either hiding something bad, or seriously dedicated to principle.

        Of course, there is another possibility: that he doesn’t know it! Consider how easy it would be to run dd if=/dev/random of=/dev/usbkey and drop it on someone’s porch before dialing the FBI. This is a very dangerous precedent.

        1. 2

          Online commentors always bring up “but what if he forgot!?” yet actual real life defendants rarely make that defense. One is certainly entitled to reasonable doubt, though I think it’s reasonable to question the apparent correlation between someone’s memory loss and their potential benefit from that forgetfulness. You typed this password every day for two years, and just now you’ve forgotten it? Is that coincidence or convenience?

          Also, in this case the drives were Time Machine backups. The FBI has good reason to believe they contain encrypted data, not just random data. (Whether they have good reason to believe they know what the decrypted data will be is quite a separate question.)

          Legal precedent can be binding, but it also depends on the particulars of a case. A judge in a different case may rule that the precedent doesn’t apply.

          1. 13

            You typed this password every day for two years, and just now you’ve forgotten it? Is that coincidence or convenience?

            A data point: my hard drive was encrypted for a year (to respect client NDAs in the face of theft/loss) with a 25 character random password. Lenovo took 5 weeks to repair it. I opened it, turned it on, and realized I didn’t remember the password I had typed daily. I could remember a character or two from the middle, but it took about ten minutes of pondering and making attempts to unlock the drive. If 5 weeks put the memory in jeopardy, yeah, I’d believe someone claiming to be unable to recall their password after seven stressful months in jail.

            1. 2

              But did you forget before you went to jail? Without saying it’s right for the court to compel decryption, but assuming so for the sake of argument, “I forgot my password while in jail for refusing to reveal the password” is quite a loophole. The judge would probably admonish the defendant to spend some time thinking about their password to make sure they don’t forget it.

            2. 1

              To prove that he forgot it, which would indeed be suspicious, it would first need to be proved that they knew it to begin with. (It’s possible this has been proven in this case.)

              1. 1

                From a suspect’s perspective, I think I’d also need to evaluate the chances they will guess it anyway. If I claim to have gotten the drives off ebay without knowing the password and the password turns out to be my middle name, it’s not going to look good, and will probably cast doubt on my next alibi…

          2. 12

            We should never take silence as an indication of admission of guilt.

            1. 5

              I’m a huge believer in the right to remain silent. Language is messy and the right to remain silent and non-cooperative. It’s tough for prosecution, but thats the way things work: people have to prove your guilt, not the other way around.

              Seeing lines of reasoning like this sometimes makes me feel that the right to remain silent is more under attack then the right to speak freely.

              1. 4

                If the police conduct an illegal search and find a dead body in somebody’s trunk, that evidence will be excluded from trial and the suspect possibly set free. But that doesn’t mean the dead body doesn’t exist! We, as outside observers, can still say there was a dead body in the trunk. We can even discuss the relative likelihood that the body was placed there deliberately or mistakenly.

                We’re not conducting a legal trial here.

                1. 2

                  If the police conduct an illegal search and find a dead body in somebody’s trunk, that evidence will be excluded from trial and the suspect possibly set free.

                  Possibly.

                  If the warrant was not properly issued, but the affiant, issuing judge and searching officers acted in good faith, the evidence may be admissible. If the car was parked on the street where the police found a one foot wide blood trail leading from my front door up the back of the car, and a bloody handprint on the trunk release lever, the evidence would likely be allowed as it would have been inevitably discovered.

                  The law isn’t always so clear cut. Compelled decryption has a similar history. In one case, a man brought a laptop with child pornography across the border, and the pornography was observed by border agents - but when they shut down his laptop, it was locked thanks to PGP FDE. He was compelled to decrypt the drive as the government already knew with certainty that illegal materials were on his drive.

                  But in another child pornography case, it was found that forcing the defendant to decrypt the disk would be testimonial, so the fifth amendment applied.

                  We’re not conducting a legal trial here.

                  No, but this entire discussion focuses on legalities. Why wouldn’t we discuss them?

                  We may be free to believe that Rawls has child pornography on his laptop – and, based on the facts we’ve heard, I’d wager he definitely does – but debating that point doesn’t really bring anything to the table, does it?

                  1. 2

                    I have no objection to discussing legalities. I’m pushing back against people objecting that I should only discuss legalities.

                    Sometimes people find themselves in situations where quoting their civics 101 textbook isn’t the optimal strategy.

                  2. 1

                    If the police conduct an illegal search and find a dead body in somebody’s trunk, that evidence will be excluded from trial and the suspect possibly set free.

                    Note that this is the situation in the US, but for example not in Germany, where I come from.

                    The way of reasoning, I see in both.

                    I don’t see the right to remain silent as a pure legality.

                2. 3

                  I’m sitting on a trial right now that, while not related to this in any way, has opened my eyes to the effectiveness of certain defense strategies.

                  Even a middling defense could probably mount a strong a case for reasonable doubt, depending on the other evidence and testimony. Playing up the debate about encryption could resonate with some jurors but the subject matter could also cause them to swing the other way. However, since this is federal case, I would imagine that the other evidence against him is strong.

                  I personally think not choosing to decrypt would be the best strategy, since you’re then relying on possibly circumstantial evidence and the testimony of others. You can find testimony incredulous but it’s harder to argue against actual possession.

                  1. 1

                    What should someone do in these circumstances? I think I’d rather take my chances getting the evidence excluded after the fact, possibly on appeal, than fighting this order. Resist for two days, then argue it was a coerced confession.

                    I think in the case of child porn, it’s bad enough to be accused of it! If there’s actual evidence (usable in court or not), it’s simply game over.

                    But, in terms of strategy, I think the only thing you can reasonably do is figure out a way to use the fifth amendment to avoid decryption. That might cast doubt on him, since “why fight for the right to not incriminate yourself” if you’re not guilty, but if this is the only evidence against him (unlikely), it might work. A good lawyer would bring up the fact that loads of people sided with Apple against the FBI; good people, with nothing to hide, still feel that encryption is a right, and being compelled to decrypt is a violation of privacy, etc.

                  2. 1

                    Obviously, the safe thing to do is use a rubberhose proof filesystem. “These drives are encrypted, you are right. But, there’s nothing useful on them, see? – types valid password

                    1. 4

                      “Huh. That’s not what we’re looking for. You entered the fake password.” swings hose again, this time with feeling.

                      1. 5

                        I’ve always thought the only way deniable encryption would really work is if you put something patently illegal but less of a problem in the first layer. Nobody is gonna buy an “I forgot it” or “I really didn’t want to decrypt ‘my tax returns’” excuse for not decrypting the container; it’ll just draw more attention and investigation.

                        Maybe evidence that you’re committing minor tax fraud, receipts for low-level drug buys, or something like that. Or something that would be personally embarrassing.

                        Then you can happily keep your child pornography, evidence of a drug empire, map showing where you buried the prostitutes or whatever else in the hidden layer. And if you ever ordered to decrypt your devices you can stall for a bit, spend some time in jail hoping your lawyer can get the order tossed, and finally say “ok, I had the password the whole time - I didn’t want to reveal it because I didn’t want to get in trouble”.

                        You eat the charge for whatever is in the top layer but if you do it right the criminal/societal penalties are far friendlier than if you were caught with whatever is in the lower layer.

                        1. 5

                          Degree of difficulty: 11.

                          1. 4

                            Degree of difficulty: 11.

                            oh yeah, don’t disagree at all - that’s why I think deniable encryption is the pipe dream to end all pipe dreams.

                            1. 2

                              Solution: use one-time-pads for everything; make sure to keep two keys, one of which decrypts to the thing you want to save, and one of which decrypts to the thing you want to reveal.

                    2. -4

                      He should be jailed either way—not for exercising his Fifth Amendment rights, but because he might possess child pornography. The circumstantial evidence:

                      …the suspect’s sister … claimed she looked at child pornography with her brother at his house.

                      Not exactly incriminating evidence, but it definitely calls for further investigation; he should remain under lock and key in the meantime. However, it’s a mistake to stop the investigation there and hand him a jail sentence. So far, he’s only refused to provide evidence for a case in which he hasn’t been proven guilty beyond a reasonable doubt. He could be completely innocent, refusing to decrypt the drives either on moral/philosophical grounds or for personal reasons.