The defendant provided the password to his iphone (that contained highly-unsavory media of his nieces), which contained an unlock code for his laptop (filevault backup decrypt key). He connected the external drives to this laptop, and when he'd transfer media from his laptop to the drives, logging would occur with the file checksums. The hash/checksum is on the laptop with the filepath to the identified external drives, and because the hashes match known media of child victimization, the prosecution knows exactly where the evidence exists on the drive, once decrypted.
If the hashes are known to match, there is really no need for the original pictures, the evidence is already there?
This makes it sound more like it's a fishing expedition for evidence to use in other investigations, or to find evidence for a more severe punishment, both of which one can morally agree or disagree with, but is it how justice should work? I honestly don't know, but I think probably not.
It's a detestable crime, which is exactly why we must not allow the law to be bent out of shape because of that, as the results will be used in other cases where our moral compass maybe wouldn't sway our judgement as much.
The only justice we can enact, flawed at rational reasoning as we are, is a dispassionate justice. One where we as much as possible defer to the few rational facilities we have. Weak, but nonetheless, logical and rational thinking, is what we must base our arguments upon, as we are so easily swayed by our instinct to protect our children at any cost, often with little regard to what consequence it might have in a distant future.
I'm confused by your reasoning here. If we agree that the files are definitely on the system how is it a "fishing expedition" to want to see those files for further investigation. A fishing expedition would be forcing everyone to submit their devices for inspection on the off chance of finding evidence - this case is one where the evidence is known to exist and a person is refusing to hand it over.
The less emotive case would be the hard drive contained bank statements for tax avoidance - and I would still think that a court should be able to compel someone to produce that.
Would you like to go to trial and attempt to persuade 12 non-technical jurors that "hashcodes" unequivocally demonstrate beyond any reasonable doubt that there is child porn on the external hard drive?
It's a foregone conclusion technically that the illegal content is on the hard drive. His guilt is not a foregone conclusion (not in the US anyway).
The file hashes basically takeaway any good self-incrimination argument he could make and there might also be evidence of further criminality on the hard drive.
Sorry, but legally, the latter should be the only standard of truth. If he exposes himself to a higher standard of guilt, then he is incriminating himself.
But are we not just in the world of normal warrants here?
To my mind private spaces (be that my house or my hard drive) should have some protection, but it seems reasonable that that is less than my personal freedom.
I have no issue with a warrant being issued on a balance of probabilities basis in order to find evidence to convict a person based on beyond a reasonable doubt.
And all this ignores the possibility of discovering further crimes and accomplices by investigating the contents of this drive - if there is a balance of probabilities likelihood of find those on the drive I don't see any problems with compelling this to be revealed.
> I have no issue with a warrant being issued on a balance of probabilities
The problem with this is it isn't consistent with how the law works in other cases. For example, A judgment of 'guilty' is considered absolute, not probabilistic.
This is only part of their motivation. The other is that the prosecutor likely wants to avoid setting a precedent that future defendants can cite in their defense.
> If we agree that the files are definitely on the system [snip]
then prosecute him and be done with it. Anything else is either a fishing expedition or we don't all agree that the files are definitely on the system... in which case it's still a fishing expedition.
hashes can be inaccurate, it isn't a foregone conclusion in reality, just in their opinion.
I told this story before, but I once read an article about a police officer who said it was impossible for another person to have logged into an account because it was password protected, when we know that's not even close to being true.
impossible and improbable are not the same thing, and I sure as shit don't feel comfortable making the case that it's 100% locked in because of a hash.
The requirement should be for them to look at the actual content, not the hash.
> near is not the same thing as impossible. I told this story before, but I once read an article about a police officer who said it was impossible for another person to have logged into an account because it was password protected, when we know that's not even close to being true.
That's not even the same realm as this case:
> The Forensic examination also disclosed that Doe had downloaded thousands of files known by their “hash” values to be child pornography[0]
Thousands of hash collisions would require prior knowledge of the values and a concerted effort to deceive. It would be more realistic to say that human perception is broken when looking at the media than it is to argue with the mathematical reality at play here.
> The requirement should be for them to look at the actual content, not the hash.
Refusing the evidence known to exist and definitely covered by probable cause is why the defendant is still in custody.
No one is arguing with the legal argument, there are a lot of legal arguments that most people don't believe should exist.
So using the law to defend yourself doesn't really apply here.
> Thousands of hash collisions would require prior knowledge of the values and a concerted effort to deceive. It would be more realistic to say that human perception is broken when looking at the media than it is to argue with the mathematical reality at play here.
This confidence is why my anecdote applies. That confidence is flat out scary when you hear people in law use terms like "impossible" or "virtually impossible" when speaking about things that are not.
This is about the only way I'm ok with what they are doing. If this is the case, then I'm 100% ok with compelling him to unlock the drive for the sole purpose of accessing those files. Anything else on the drive should be off limits as it then becomes testimonial.
To me the danger is, what if this person committed other crimes and by unlocking the drive he give the prosecution info about those crimes. In a world where the investigators and/or prosecution have gotten away with parallel construction I wouldn't expect them to play fair. I mean, realistically it sounds like they guy is guilty as sin. That being said, I'd rather he get away with those hypothetical crimes than we start allowing situations like this to happen.
So, to recap, make him unlock to read the known files (by exact path) and nothing else on the drive.
To me, this whole thing smells of the classic tactic of telling the guy, "We know you're guilty; just confess, and we'll go easy on you." Which, of course, is a lie.
So I am of the opposite opinion. If the hash information isn't enough to try him with, then I'd rather he go free, than set a precedent that it's acceptable for a court to compel someone to decrypt information because someone in law enforcement just "knows" the evidence is there. Because once this order is allowed to stand, the level of certainty required to compel decryption is going to continually be lowered.
> To me, this whole thing smells of the classic tactic of telling the guy, "We know you're guilty; just confess, and we'll go easy on you." Which, of course, is a lie...If the hash information isn't enough to try him with, then I'd rather he go free, than set a precedent that it's acceptable for a court to compel someone to decrypt information because someone in law enforcement just "knows" the evidence is there.
I'm sympathetic to why you'd be cautious, but that's not fitting in this case -- this is a highly specific case with a number of circumstances that meaningfully differentiate it from the generic case of providing decrypted media. He's guilty and the checksums are enough to convict him (we're talking many checksums, metadata, partial confessions) and this is about him frustrating the discovery process.
> Because once this order is allowed to stand, the level of certainty required to compel decryption is going to continually be lowered.
This is a slippery slope fallacy. I had some leaning towards this perspective, but then I read the source document, which goes into far more detail. There's a definite nuance to this case.
I appreciate what you're saying about a slippery slope, but I don't find that the nuance of this case necessarily makes it a fallacy. The judge has compelled decryption based on hashes of files left around in logs on the hard drive, but what if an ISP reports that files with those hashes have been downloaded by a particular IP address?
The FBI gets a warrant, executes a raid, picks up every piece of electronic equipment in the place, but can't find the files the ISP says should be there. Can the defendant, in this case, be compelled to decrypt an encrypted hard drive file or partition at this point, because law enforcement "knows" that those files are somewhere in his (digital) possession? What if it were a guest in his house? What if it were the neighbor, stealing wifi?
Based on this precedent, I think another judge could find reasonable cause to compel in that scenario. Is this a violation of the 5th Amendment? The defense FOR the judge's actions in this case -- based on other reasoning in this thread -- is that only files with those hashes could be used against him, at this point. In this hypothetical case, though, what if LE found OTHER files of child pornography? Would they be admissable? Alternatively, if they found other material (e.g, bomb-making), could it be used against him in a separate case? I'm not sure I trust the government in either one of these situations.
It seems highly likely that we'll get a government employee's opinion on precisely this scenario someday, and I don't think that this employee is going to find in a manner against his employer. As with so many other of the Constitutional protections of the Bill of Rights, they've slowly been chipped away in precisely these kinds of legal "corner cases." Sue me for being paranoid.
Have we not spent the past couple of years confirming that the "slippery slope" of catching "bad guys" has, in fact, completely eliminated the protection of the 4th Amendment for communications? You could argue that it hasn't, because the government hasn't prosecuted a citizen based on the warrantless, wholesale monitoring of any and all electronic communications -- THAT WE KNOW OF -- but it's extraordinarily clear that shouldn't be happening in the first place, according The Constitution.
I'm glad you didn't take offense to me making reference to the fallacy as I appreciate our conversation and wasn't sure how else to express that thought.
If you haven't done so, check out the source document for the article as Arstechnica didn't include some important details (and the headline "Man jailed indefinitely for refusing to decrypt hard drives loses appeal" talks past what is actually happening): https://arstechnica.com/wp-content/uploads/2017/03/rawlsopin...
> ...but what if an ISP reports that files with those hashes have been downloaded by a particular IP address? ... but can't find the files the ISP says should be there.
I think this case is particular due to the lack of breaks in the chain. In your hypothetical, law enforcement and the prosecution have _vastly less information_ than in this actual case.
Law enforcement knew the path from a remote source, to (presumably dhcp lease based) ISP records, to the laptop that accessed the content (known to be the defendant's), to checksums in logs matching a physical drive (also known to be the defendant's). Coupled with other evidence, the defendant frustrating the process by pretending to no longer know the decryption phrase, and partial admissions of guilt by the defendant, this is a vast distance than a hypothetical case of "someone from this IP address downloaded Game of Thrones Season 1 from bittorrent, so hand over anything that can store bytes" (to use a far less disgusting crime to help keep emotion away from the discussion).
> Based on this precedent, I think another judge could find reasonable cause to compel in that scenario.
Luckily, the US justice system is built on nuance; this case wouldn't hold up as a generalizable excuse to compel decryption -- which is why they're invoking the foregone conclusion rule to secure the production of evidence based on the enormity of the other factors.
> In this hypothetical case, though, what if LE found OTHER files of child pornography? Would they be admissable?
I honestly don't know. In this case, the defendant is refusing to provide (multiple pieces of) evidence that is known to exist by checksum and direct file path.
> Alternatively, if they found other material (e.g, bomb-making), could it be used against him in a separate case?
Having information on how to construct a bomb is not illegal, any more than getting a degree in chemistry is illegal, but plotting to kill people with a bomb is legally actionable.
> I'm not sure I trust the government in either one of these situations.
I agree with you, but on a different shade of the argument. I'm suspicious that the ecosystem of justice is built on securing convictions as opposed to seeking objective truths. In this case, I support the government/court based on the information I have.
> As with so many other of the Constitutional protections of the Bill of Rights, they've slowly been chipped away in precisely these kinds of legal "corner cases."
I don't know which other cases to which you're referring, but the argument to be made here is that this isn't a corner case. This is having mathematical certainty that the defendant has evidence and is refusing to hand it over.
> Sue me for being paranoid.
No law against being paranoid :)
> but it's extraordinarily clear that shouldn't be happening in the first place, according The Constitution.
Actual question: where in the constitution is this clearly stated?
> Actual question: where in the constitution is this clearly stated?
You're obviously way more legally savvy than I am. Just goes to prove that a _little_ knowledge is a dangerous thing. Totally agree on the "securing convictions" motivation.
I'm referring to the 4th, about needing a warrant to intercept communications. Is that not clearly stated? Maybe my ignorance is showing again. Doesn't the 4th -- on the face of it -- preclude any system of wholesale collection of electronic communications?
> You're obviously way more legally savvy than I am. Just goes to prove that a _little_ knowledge is a dangerous thing.
Oh no, don't feel that way. The law is a man-made thing at the intersection of logic and opinion, which is why there's so many laws and tests -- if you haven't read the source document that's linked in the Arstechnica article, I would, as it has a lot of important detail.
> I'm referring to the 4th, about needing a warrant to intercept communications...Doesn't the 4th -- on the face of it -- preclude any system of wholesale collection of electronic communications?
Law enforcement were specifically targeting traffic expected to have child pornography and the people trying to exchange it on freenet who join very-special-purposed groups. Peer-to-peer platforms depend on people being free to join, and having special-purpose groups really helps with the "probable cause" condition of the 4th.
On the back of that, the defendant gave them confirmation of his illegal acts, so this case is about recovering evidence known to exist.
Wow, that's a lot against this guy, but hypothetically couldn't compelling him to decrypt his drives based on a file hash set a dangerous precedent where police can just plant file hashes somewhere to get access to anyone's drives? Sort of the high tech version of the drug dogs that would signal on cue.
They're staying within the law -- the defendant being in violation of the law is why an order to comply was filed and why we have access to the court of appeals document.
If you don't like the process, that's a different conversation.
There are a lot of things that waive the speedy trial right. If a defendant files pretty much any kind of motion, the speedy trial timeframe goes out the window.
