Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption The Courts

Judge Orders Child Porn Suspect To Decrypt His Hard Drives 802

An anonymous reader writes "After having first decided against forcing a suspect to decrypt a number of hard drives that were believed to be his and to contain child pornography, a U.S. judge has changed his mind and has now ordered the suspect to provide law enforcement agents heading the investigation with a decrypted version of the contents of his encrypted data storage system, or the passwords needed to decrypt forensic copies of those storage devices. Jeffrey Feldman, a software developer at Rockwell Automation, has still not been charged with any crime, and the prosecution initially couldn't prove conclusively that the encrypted hard drives contained child pornography or were actually Feldman's, which led U.S. Magistrate Judge William Callahan to decide that forcing him to decrypt them would violate his Fifth Amendment right against self-incrimination. But new evidence has made the judge reverse his first decision (PDF): the FBI has continued to try to crack the encryption on the discs, and has recently managed to decrypt and access one of the suspect's hard drives... The storage device was found to contain 'an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders,' approximately 707,307 files (among them numerous files which constitute child pornography), detailed personal financial records and documents belonging to the suspect, as well as dozens of his personal photographs."
This discussion has been archived. No new comments can be posted.

Judge Orders Child Porn Suspect To Decrypt His Hard Drives

Comments Filter:
  • by samriel ( 1456543 ) on Wednesday May 29, 2013 @05:21PM (#43854979)
    Reading that made me ask three questions:
    1) What kind of encryption did the FBI break?
    2) Can they do it again, for any arbitrary encrypted data?
    3) If 2), what kind of decryption should we use instead of 1) ?
    • by imsabbel ( 611519 ) on Wednesday May 29, 2013 @05:23PM (#43855005)

      Most likely they had a dictionary attack (maybe hand-tuned to the suspect) get a lucky it.

      If they had "broken" it, they wouldn't have stopped at one drive.

      • by Anonymous Coward on Wednesday May 29, 2013 @09:19PM (#43856765)

        All of this information is in the initial filing, which wired posted here, including the fact that the government figured out partial patterns to his passwords. You should read the filing, though I warn you, you will want to retch by the end of it:
        http://www.wired.com/images_blogs/threatlevel/2013/04/fedswantdecryption.pdf

        After reading the request, I am amazed that the judge issued the first ruling at all. The download logs clearly showed entries that graphically describe pedophilia being written to a secure disk. I think the agents freaked out a bit, and assumed the disks would self destruct (as far as I know, the maxtor disks don't in fact do so).

        I know it's unpopular to say on slashdot, but the government has a job to do, and is doing it well.

        • Yes and no. If the download records isn't enough to convict - too bad. Encrypted data are private by every standard no matter what they can decode to. This is analogous to copy protection. In most countries where you are allowed to make private copies of copyrighted stuff, you're not allowed to break the copy protection in order to do so. Same thing should apply to private data - if they're encrypted in a non-trivial way, they're off limits to the authorities.

          Note that I want kiddie pornographers punished a

        • by dj245 ( 732906 ) on Thursday May 30, 2013 @08:09AM (#43859645)

          All of this information is in the initial filing, which wired posted here, including the fact that the government figured out partial patterns to his passwords. You should read the filing, though I warn you, you will want to retch by the end of it: http://www.wired.com/images_blogs/threatlevel/2013/04/fedswantdecryption.pdf [wired.com]

          After reading the request, I am amazed that the judge issued the first ruling at all. The download logs clearly showed entries that graphically describe pedophilia being written to a secure disk. I think the agents freaked out a bit, and assumed the disks would self destruct (as far as I know, the maxtor disks don't in fact do so).

          I know it's unpopular to say on slashdot, but the government has a job to do, and is doing it well.

          Regardless of the circumstances, ordering someone to decrypt a hard drive should be against the 5th amendment. I look at this the same way as any other "evidence is in a very hard place to get" situation.

          If I lock evidence in a locker or a house, the authorities are going to break my lock or break down the door. They can't order me to give them the key if the location of the key is unknown to them. If I have an electronic keypad, they can't order me to give them the passcode.

          If I kill someone and, having decided that a "shallow grave" is likely going to get me caught, bury the body in a 1000ft grave (suppose I own a drilling company), they can't make me dig up that body. It is upon them to dig it up. If I weigh someone down and dump them in the ocean, they can't force me to tell them the exact latitude/longitude. They can gather evidence all day long through any legal means, but forcing someone to actively incriminate themselves has never been, and should not be, legal in the US.

          The fact that we now have locks that are effectively unpickable and unbreakable is unfortunate for law enforcement, but that doesn't change the 5th amendment. There should be no exceptions. The nature of the crime or the amount of other evidence doesn't matter to the 5th amendment.

        • by bluefoxlucid ( 723572 ) on Thursday May 30, 2013 @09:25AM (#43860415) Homepage Journal

          That's not the issue. The government has a job to do, but they have certain responsibilities. The police are allowed to lie, cheat, threaten, frighten, and do all kinds of things to bend a confession out of someone; these confessions are then admissible in court. Police are not well-trained interrogators; a well-trained interrogator could get anyone to confess to anything in short order. Still, locking an innocent young woman in a room with a big scary angry police man is going to get some level of cooperation...

          Do we want this? Do we want thug-cops that beat confessions out of people, psychologically or physically? Do we want courts that say, "Well, we know you're guilty, so give us all the evidence against yourself and fuck constitutional law!"? Do we want wide-spread surveillance because you have nothing to fear if you have nothing to hide? How about inventing charges using collected circumstantial evidence to get rid of people who are not criminals, but are undesirable in society and not really liked by anyone anyway?

          The real issue is this: The government is power. People in the government have power. That makes them your adversary. You want it to be hard for them to exercise power over you and anyone else; if you're a criminal, well damn, but in support of *my* interests I hope it's very hard for them to nail *you* even though I think you should be locked up. If you murder someone, I hope they just *barely* manage to get a conviction after a huge fucking ass-dance and tons of sunken public money and massive investigations turning up some damn solid evidence before they execute you, just so the next guy whose house burned down from a fire started in a garage near a can of kerosene isn't executed because "it looks like he murdered his family, due to the use of an accelerant to start the fire some time shortly after he left his home". You fucking prove it.

    • by jxander ( 2605655 ) on Wednesday May 29, 2013 @05:29PM (#43855061)
      Oblig answer [xkcd.com]
    • I can answer (2): No.

      If they could, they'd just decrypt his other disks.

      Far more relevant here is what justification the judge thought he was using to order the suspect to give up his password. Because in order to do that, according to current legal precedent, the government has to already know, "with reasonable particularity", that the ENCRYPTED disks contain illegal material.

      Some different encrypted disk doesn't count. Nor does "reasonable suspicion", nor even probable cause. In order to force th
  • by Anonymous Coward on Wednesday May 29, 2013 @05:22PM (#43854993)

    Weasel-wording it like that makes me think it's probably random manga pictures from his browser cache and not real child pornography.

    • by slaker ( 53818 )

      Well the legal definition specifies "lascivious" media rather than some laundry list of people, poses and acts. I suspect there's Kim Possible and My Little Pony erotic fan-art posted on Tumblr and Deviantart that meets the technical criteria for child pornography every day.

      • by tompaulco ( 629533 ) on Wednesday May 29, 2013 @06:31PM (#43855623) Homepage Journal

        Well the legal definition specifies "lascivious" media rather than some laundry list of people, poses and acts. I suspect there's Kim Possible and My Little Pony erotic fan-art posted on Tumblr and Deviantart that meets the technical criteria for child pornography every day.

        Yes, that is true. Child Pornography is a scare word to make jurors convict. In reality, the legal definition of child pornography, while varying by location, may constitute such things as:
        Nude pictures or movies of a 1 year old
        Depictions of sex or nudity of a 17.999999 year old even if they look 25 years old.
        Depictions of sex or nudity where someone holds the opinion that they look less than 18 years old even if they are 25 years old.
        Pictures or movies depicting sex with a greater than 18 year old who is dressed in schoolgirl outfit or wearing pigtails in an attempt to look like a less than 18 year old even if it is still obvious that they are 25 years old or even older.
        Pictures or movies depicting sex with 30 to 40 year old women filed under the heading "Teen Sex".
        Pictures or movies of cartoons depicting nudity or sex of characters whom someone holds the opinion that the character looks less old than a real life18 year old.
        Nude or partially unclothed photos taken of themselves by owners of a phone who are less than 18, or appear to be less than 18 or who are trying to appear to be less than 18.

  • by bogaboga ( 793279 ) on Wednesday May 29, 2013 @05:24PM (#43855019)

    He should inform the honorable judge that he's forgotten the decryption parameters or whatever they are called.

    This way, he puts the ball back into their court. That is, to prove that he indeed still remembers these parameters.

    That will be a tough one to prove.

    • by gnasher719 ( 869701 ) on Wednesday May 29, 2013 @05:33PM (#43855089)

      He should inform the honorable judge that he's forgotten the decryption parameters or whatever they are called.

      This way, he puts the ball back into their court. That is, to prove that he indeed still remembers these parameters.

      Not at all. First, informing the judge that he's forgotten the decryption parameters would have been an awful stupid move. "Having forgotten" would have implied that he once knew them, which would have been proof that the hard drives were his. Second, since the drives are now known to be his because the FBI encrypted a drive, refusing to decrypt would now be taken as evidence that he's got something to hide, basically an admission of guilt.

      • Pay attention to any politician or cop who has to testify under oath. Use their magic words "I don't recall". At this point they already know the drives are his.

    • by girlinatrainingbra ( 2738457 ) on Wednesday May 29, 2013 @05:55PM (#43855285)

      He should have made his password or passphrase be

      "I do not have the password"

      Then, when asked for the password, he could truthfully state that his answer is "I do not have the password". Of course, a few weasely questions that he may be required to answer truthfully could shake this, but hey, why not for a first step?

      Or possibly:

      "I don't need no stinkin' password"

      "This is not my drive."

      "I forgot my password" as the passphrase!

      "I assert my fifth amendment rights"

      "I respectfully assert my fifth amendment rights"

      "Fuck you" (J_1: what is your password? R_1: fuck you J1:Que? Off to jail! R_1: I answered fully and truthfully!)

    • by interkin3tic ( 1469267 ) on Wednesday May 29, 2013 @06:13PM (#43855477)
      From what I'm reading, if the judge doesn't believe him, he'd just find him in contempt of court and detain him until he remembers.

      http://www.schneier.com/blog/archives/2012/02/what_happens_wh.html [schneier.com]
    • He should inform the honorable judge that he's forgotten the decryption parameters or whatever they are called.

      The honorable judge isn't obliged to believe you and may ship you off to a local lock-up for contempt of court. To be held until your memory improves or hell freezes over, whichever comes first.

    • by stox ( 131684 )

      The password(s) were on a sticky note attached to the display. I have no idea what happened to it since the Police took the computer(s).

  • apparently (Score:3, Informative)

    by kick6 ( 1081615 ) on Wednesday May 29, 2013 @05:26PM (#43855041) Homepage
    having an "intricate electronic folder structure" complete with "detailed personal information" is nefarious? Isn't that, essentially, every install of every desktop OS ever? Hell, I think in my 13k file music collection sorted by album and artist there's EASILY 3k folders. And I think elsewhere on the same drive I have my tax returns...
  • by Anonymous Coward on Wednesday May 29, 2013 @05:31PM (#43855079)
    Where pixels of a certain colour arranged in a certain way on a screen and even the bits used to represent them are illegal. I hate kiddy porn as much as everyone else but feck it throwing people in jail for looking at pictures is taking the piss.
    • So you wouldn't mind if pictures of you being raped were being looked at on the internet? Fair enough, personally I'd have a problem with that and want it to be a crime to look at them, but maybe that's just me, I have been known to be a little odd.

      • by VortexCortex ( 1117377 ) <VortexCortex AT ... trograde DOT com> on Wednesday May 29, 2013 @09:58PM (#43857009)

        So you wouldn't mind if pictures of you being raped were being looked at on the internet? Fair enough, personally I'd have a problem with that and want it to be a crime to look at them, but maybe that's just me, I have been known to be a little odd.

        Well, when someone puts a 1px hidden IFRAME in a cross site scripting or SQL injection exploit will you still "want it to be a crime" when you're thrown in jail for your regular downloading of illegal 1's and 0's? This isn't hypothetical. I clean this shit of of servers about 3 times a year. Skiddies are thumbing their nose at the idea of their teen girlfriend sexting pics being, "child porn". They're putting their own ex GFs pics online as well as "loli" manga pics they find attractive. Now, that means you should go and shred your hard drive and encrypt the fuck out of it. If you've been anywhere online you could have kiddie porn on your PC. Just the way the police state likes it... They have an excuse and evidence to hunt any "witch" they want.

        Personally, I have been raped. I wouldn't give a rats ass if you want to look at pics of it, so long as you're not raping me or anyone else to get new pics. Folks looking at what constitutes child porn these days could be looking at voluntarily taken "selfies" and drawings. Kids taking nudes of themselves aren't raping themselves. Drawings aren't alive.

        Furthermore, my little brother was being threatened and had fist sized rocks thrown at him when he was walking past a middle school. We reported the kids to the police. Guess what? THEY CAN'T DO ANYTHING. There has been no crime unless he actually gets injured. Unless you're actually raping a kid, no one is being harmed by looking at images. It shouldn't be illegal unless they want to actually start arresting people for THINKING about assault -- They're not even arresting folks for Actual Attempted Assault.

    • by KGIII ( 973947 )

      I assume the punishment represents retribution for the harm done at the time of the image's creation. That doesn't bother me. What bothers me is that the same mentality cannot be applied to images created wholly out of the image creator's mind and yet those images are subject to the same prosecution. That bothers me a great deal.

  • by Anonymous Coward on Wednesday May 29, 2013 @05:39PM (#43855145)

    So I just read the judge's order granting the ex parte request, and there is something I am confused about. If the 'limited decrypted version' they supposedly have contained child pornography why is he still not charged with a crime? Something seems fishy here.

    "In addition to numerous files of child pornography, the decrypted part of
    Feldman’s storage system contains detailed personal financial records and
    documents belonging to Feldman"

    I'm willing to bet they have the file structure (names of files) but have no actual file data, in which case the governments request would add a lot to the case instead of the "little to none" the judge is using to justify the use of the forgone conclusion doctrine.

    Not defending anyone for child pornography, I just like everyone else don't like seeing the forced self incrimination of people using the 5th amendment.

  • by karlandtanya ( 601084 ) on Wednesday May 29, 2013 @07:20PM (#43856031)

    I'm guessing it's this part of it that protected him:
    "nor shall be compelled in any criminal case to be a witness against himself"

    There's no clause in the fifth amendment that says "...but if we have good evidence you're guilty, then you have to tell us what we need to know in order to get more evidence."

    The police put you in a room and say "CONFESS", and you refuse. Judge says "that's right--you don't have to confess to anything. In fact, you don't have to say anything at all. You can remain silent."
    Later, the police find some evidence that suggests you really did something illegal. And really socially repulsive.

    Judge thinks for 2 seconds and realizes "Who's going to defend a kiddy diddler? I can rule however I want against this guy and get almost no political backlash. But if I "defend the constitution", I'm a liberal judge letting a monster get away on a technicality." Not a difficult decision for a pragmatic public servant. "Let the beatings begin.".

    First they came for the child rapists and I said nothing because everyone would think I was one, too.

Hackers are just a migratory lifeform with a tropism for computers.

Working...