?

Log in

No account? Create an account

Previous Entry | Next Entry

Encryption as Evidence of Criminal Intent

From Bruce Schneier's blog (syndicated on LJ as bruce_schneier):
Encryption as Evidence of Criminal Intent

An appeals court in Minnesota has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent.

I am speechless.
Read Bruce's blog entry and comments for more discussion on the topic.

I don't know if I'm speechless or not, but I am more than a little concerned. I'll have to look into the specifics a little deeper, 'cause it might not be as troubling as it appears. For example, one of the comments on Bruce's blog entry attempts to put it in perspective:
This really isn't that big of a deal. This is the same as finding a guy in a car, driving around a residential neighborhood slowly, and finding a ski mask, lock picking tools, and a flashlight in his car. Everything is legal, but may be admitted in court to try to prove criminal intent.

One piece of evidence alone will not help a prosecutor very much, but if you can get enough pieces of the puzzle together, the picture becomes alot clearer. FWIW
Maybe. I can already see that it will be very easy to start down the slippery slope on either side of this argument.

Comments

( 11 comments — Leave a comment )
prester_scott
May. 26th, 2005 03:32 pm (UTC)
As much as privacy issues concern me, I'm afraid the headline really is overblown. The fact that he had PGP, by itself, didn't get him convicted.

The question we should be asking ourselves is how someone can be convicted of a felony on the basis of hearsay and circumstantial evidence alone, and that's considered a fair trial.
bodnej
May. 26th, 2005 03:47 pm (UTC)
Doesn't sound like hearsay to me:

The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault. Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.

The "Lolitas" bit is circumstantial, yes, but it establishes motive, and we've got direct testimony here.
prester_scott
May. 26th, 2005 03:53 pm (UTC)
I'm sorry, you're right: the girl's statements are testimony, not hearsay. I had my terms wrong.

But if we're being told the whole story in this article, that means he was convicted on three pieces of evidence:
* a young girl's testimony
* circumstantial evidence: "Lolitas"
* circumstantial evidence: PGP

Had I been on the jury, I think I'd have voted to acquit.
arcticturtle
May. 26th, 2005 04:21 pm (UTC)
A PGP key? Because... because criminal intent is the obvious implication of a desire for privacy? That is a scary attitude to base legal decisions on.

And do I understand that the no actual pictures the guy allegedly took were found? That seems like a gaping hole in the evidence, for which I would expect a darn good explanation from the prosecution.

I'm with prester_scott. This is scary.
partywhipple
May. 26th, 2005 04:45 pm (UTC)
I don't think I care about the case at all. What I care about is if the encrypted files imply criminal intent then can't the police, having interecpted an email I sent which is encrypted, say it is enough to get a warrent to search my house? Perhaps I am reading too much into this but it seems like it is setting precedent which can be used to do other privacy crushing things...
prester_scott
May. 26th, 2005 05:31 pm (UTC)
Nothing was said here about encrypted files, though, just the fact that he had PGP installed on his computer.

Again, in conjunction with MANY other pieces of circumstantial evidence, the fact that he had PGP *could* establish intent. But the evidence in this case (again, if the news article is telling the whole story) was pretty weak.
(Deleted comment)
drmellow
May. 26th, 2005 04:19 pm (UTC)
Not criminal in itself, but could be used to show criminal intent.

But, yeah, that's one side of the slippery slope.
eagle243
May. 26th, 2005 04:44 pm (UTC)
Or VPN software on your employer-provided laptop.

Or SSH that you use to connect to your servers.

Or SSL that you use to check your email (IMAP-SSL or POP-SSL).
prester_scott
May. 26th, 2005 05:29 pm (UTC)
Or the encryption software that's built into all current releases of Windows, Macintosh, and for that matter, Linux, operating systems.
partywhipple
May. 26th, 2005 04:42 pm (UTC)
Encryption as Evidence of Criminal Intent

You know locks on your doors is also evidence of criminal intent. What have you got to hide, eh???

madkawa
May. 27th, 2005 01:00 pm (UTC)
Bah! Nothing to worry about here. It's the focus that's got you worried. The media is good at that. Perception nowadays is what they tell you it is. Too many people have to have legitimate encryption on their computers just to operate in a responsible manner. You just can't use encryption that the NSA can't break. :)
( 11 comments — Leave a comment )

Latest Month

June 2013
S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829
30      
Powered by LiveJournal.com
Designed by Tiffany Chow