If he has nothing to hide then why withhold the password? Isn't he already incriminating himself by claiming self-incrimination? If only the criminal justice system worked that way.

The court should just keep some 13 year old on retainer just for cases like this. Some 1337 little dude could get in that laptop in a second.

I bet they can figure out what his password is, start with...creep...freak...pervert...yeah, won't take long this way

This is an interesting case, I'm interested to see what the final ruling turns out to be.

my take on this issue:
If law enforcement has enough to suggest that you have a meth lab in your back yard shack, they can come over to your house and demand that you submit to their warrant and unlock the shed, allowing them to search and seize.

If they have sufficient evidence to suggest the ownership of CP (possible pageviews/searches/cp keywords (see that R@ygold sick f**k)), he should be able to submit to a warrant that makes him unlock his property via a digital key. If he insists that he cannot unlock the drive, the feds should be able to increase his penalties if, after breaking the encryption, he did indeed have CP. Essentially, digital evidence should be treated much like physical evidence--if there is proof that he downloaded and installed the software (i.e. store records show that you bought a padlock), he should be held in contempt of the court.

However, I'm also surprised that law enforcement can't even rent a supercomputer to break what i'm guessing is 128 or possibly 256-bit encryption. I'm guessing that the offender used only 6 letters, resulting in 308915776 combinations, easily manageable seeing as standard computers can brute-force about 50 passwords/second. get a thousand processing nodes, and you'll have your password in less than two hours, most likely less. if he used numbers as well as a 7-character combination, the pw can easily be cracked within like two days.

I truly loathe people involved in child porn, still I think the rights to privacy and non-self-incrimination are more important than the police's need to solve a case.

If they can imprison you because you won't give away the password to your own files, it's another step towards a society I don't want to live in. The 'if you have nothing to hide' argument is the fast lane to fascism.

The NSA is roughly a decade ahead of the encryption industry standards, let them break it if all fingers point to that guy.

...this keeps bugging me.

how the the court could possibly believe that he installed encryption software to "protect from viruses" is dumbfounding. if he didn't use PGP to encrypt system files, there is really no protection against viruses. Viruses obtained through P2P hardly ever dig through your .docx files looking for numbers that look like SSNs or addresses. They are malware installers, trojans, or keyloggers. all hardly preventable with PGP. a "Z" drive is clearly a partition you set your data into, that, or the name your IT guy gave to a NAS drive so that there wouldn't be any conflicts. The only thing encryption can protect you from is unauthorized access to files, and whole-disc encryption is really only valid for volumes of high-sensitivity data, such as your pr0n collection or thousands of people's SSNs.

That's why you should use TrueCrypt. With it you can create an hidden encrypted volume within another encrypted volume.

If you mount the disk with password #1, you see some harmless (embarassing) files.

If you mount it with password #2, you see the contents of the hidden volume which contains the really sensitive stuff (like that time you took the camcorder to the bedroom).

If someone forces you to hand over your password, you give them password #1. There's no way to detect the presence of the hidden volume.

I know it's child porn and all...but the police shouldn't force him to give up his password. I was exploited this way. My school gives all of us laptops. In middle school I made a chat program and everyone started using it. The administrators caughts me and told me if i didn't give them my password that they'd suspend me. I gave it to them and they used my username to catch everyone else. I was ragged on as a narc until my bigger friends stood up for me and told everyone what really happened. I guess it is the same thing with this guys child porn folder. He shouldn't have to incriminate himself.

Yea, what keeps bugging me is why Customs is going through his laptop.

Was he smuggling Canadians in his laptop? Images of drugs? What?

I fully agree. In the meantime, I hope they're able to charge him based on other/non-digital evidence. If he is guilty, it might not all be locked up/encrypted.


And, Alton, I wondered that same thing too. It must be within the scope of their authority, but was there something that made them suspicious of him..?

It still amazes me how lawmakers and such are still so uninformed on technology. A simple course in computer security can educate them on things like viruses, spyware, etc. I know I am a geek but this is very basic stuff. It brings to mind the early days of modems where people thought that just by having a modem in your computer made it open to every hacker in the world (even when the computer was off, and disconnected from the phone line).

This kind of thing scares me. I have gotten some things that I went "OH MY GOD" and deleted immediately off of BS -- what if this guy is telling the truth? I personally wouldn't have given up my password even if I had nothing to hide either.

A few friends and I have had deep discussions on with some of these CSI type shows - especially the "true story" ones like on A&E

It seems to be trending towards finding evidence and then trying to match it to someone, instead of having a trail that leads to someone, they are playing pin the tail on the donkey.

no thanks. I don't want to be a donkey.

Hmm - seems like the question here is whether an encryption password is more like a safe key (which investigators can compel from you, in a warranted search) or more like testimony. Though I have a kneejerk reaction against forcing people to give up passwords, in this case, it seems to me it's a whole lot more like a safe key. The guy should be compelled to give it up if there is probable cause to suspect he's hiding evidence.

No matter whether it's about child pornography or anything else: AFAIK, there's something like a presumption of innocence (even in the US of A).

Neither does it matter whether it's physical or digital evidence: As long as they don't have it, the guy is innocent.

If they search my house with a warrant, but don't find my afore mentioned meth lab for whatever reason, it's my very right to deny the existence of that meth lab when asked about it.

If they search my notebook and don't find my child pornography for whatever reason, I'm a free man.

Likewise, if they found some technical device in my house which they couldn't identify, but suspected to be an atomic bomb, I would not be obliged to prove them wrong, but rather would they have to prove their view. I am allowed to store as many technical devices of unknown purpose in my own house as I want, and as many encrypted data [sic!] on my computer.

It's their responsibility to bring forth evidence of my delinquency, not mine to prove my innocence.

That's a very good point, and very true. But when there's enough incriminating evidence to warrant further investigation I can hardly fault the authorities for pressing on, with any case, that's their job. Not everyone will offer up their passwords, guilty or not..but I feel they should be legally allowed to pursue de-encryption if he is highly suspect. That is the million dollar question tho (and one coming from someone who is anti-Patriot Act btw). If in the end it's proven that he's guilty, the charges will be greater as will the penalties..or should be, like breex mentioned.

This story is a perfect example of why you NEVER STORE YOUR PRIVATE KEY ON YOUR COMPUTER, even if it is secured with a passphrase. Put it on a memory stick, or an external drive, or even a floppy, but don't keep it with the stuff you encrypt.

Oh, and make backups.

Better yet, StegFS.
Similar concept, but with multiple levels of plausible deniability.

Edit: on reading this more closely, it sounds like you are not compelled to give up a safe combination, only a physical key - weird. From now on, only buy combination locks :)

Seems like a strange distinction to me.

I'm not sure if this a dilemma at all. The article does not do a very good job stating the mechanics behind the scenes.

1) Does a custom's agent have the right to inspect the files on a personal laptop?

2) Was he informed of his rights prior to the initial search?

3) Just because somebody performing an illegal search thinks they see something incriminating, does not mean you're guilty.

4) It sounds like the testimony from the customs agent is not sufficient for the court to issue a warrant. If the court had issued one, he would be in contempt of court and jailed. Being in jail is the end result of the offense...correct?

Quite frankly we have no idea why he will not willfully open his drive. Perhaps it's filled with pirated music and movies?

If they want to get to get drive open, provide some proof that he is breaking the law. Log files, internet history, emails...something.

If the guy has a laptop full of child pron, he needs to be dealt with as such. Unfortunately, we need to follow the laws as well.

I think vequalsir made some excellent points.

"how the the court could possibly believe that he installed encryption software to "protect from viruses" is dumbfounding"

its really not a question of whether or not encryption software can protect from viruses but whether or not he BELIEVED that it would protect from viruses. As such, that is a perfectly acceptable reason for installing them.