“Child porn suspect jailed indefinitely for refusing to decrypt hard drives” says “A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives.”
Suppose that he tells the judge “I forgot the password” and the judge replies “That’s a little too convenient in your situation. I don’t believe you. You can stay at Club Fed until you develop a better memory.”
Let’s also suppose that he actually has forgotten the password. Now what? How can this situation ever be resolved?
Related:
- “The Domestic Violence Parallel Track”: One tactic that can backfire is the use of child pornography. According to the Indiana (PA) Gazette, “Woman guilty of downloading child porn,” August 20, 2014, Meri Jane Woods of Clymer, Pennsylvania was successful in obtaining a Protection from Abuse order that ended her husband’s access to the family home. To cement her victory she placed child pornography onto a personal computer and, without bothering to update the timestamps on the files, turned it over to the state police, alleging that her husband had performed the illegal downloads. In investigating the crime, however, the police “almost immediately ruled out Matthew Woods’ involvement by finding the images date-stamped between Aug. 11 and 14, 2013. Matthew Woods had been forced from the home before that time by a protection-from-abuse order, prosecutors told the jury.” As downloading child pornography for any reason is illegal, Ms. Woods was convicted of a felony that carried a possible sentence of seven years in prison (she was apparently not charged with the federal offense of receiving child pornography, which carries a mandatory minimum sentence of five years). What finally happened? A December 16, 2014 Associated Press article, “Wife who used child porn to frame husband gets jail time,” notes that she “must spend six months to two years in county jail” and that “Woods continues to deny wrongdoing saying, ‘I only wanted to protect my children.'”
Never understood how this doesn’t fall under the right to not self incriminate.
I, too, am puzzled. I read elsewhere that you could not be compelled to unlock your phone with a password, but _could_ be compelled to unlock it with a fingerprint. The former being protected information under the right not to self incriminate, while the latter was not information but rather a physical aspect and like being compelled to give ink fingerprints was not protected.
I wonder specifically what he was using. With TrueCrypt and similar you can do deniable cryptography. “What password? That’s just an un-formatted drive. There’s nothing on it.”
Isn’t there some guy who’s been rotting in jail for 20 years for refusing to tell the court where his gold is buried so his wife can take most of it? He says there’s no gold. The court and his wife say there is, and he hid it.
I’ve talked to a lawyer friend about this. He says that a person being held in contempt must possess “the keys to their jail cell”. In short, the judge can only keep them in jail without a trial for noncompliance, not for something they did in the past (they get a trial for that). So yeah, the trick is to establish enough evidence that the judge or the appeals process concludes that you probably don’t possess the password. The way I would approach it is to memorize a very substantial password that is not correct and offer it the first time it is asked. It doesn’t work. You spell it out. It doesn’t work. You offer to enter it for them. It doesn’t work. You explain that you did encrypt that file but you did it some time ago and to the very best of your knowledge that password is correct, you just haven’t used it in months. If you keep this up and stick to it, no way will the judge conclude that you possess the keys to your own cell. It would be best if there is no timestamp on that encrypted data. It shouldn’t be a file, it should be a partition. Otherwise the OS will probably date stamp it and screw you.
bobbybobbob: http://blogs.wsj.com/law/2009/07/14/man-jailed-on-civil-contempt-charges-freed-after-14-years/
bobbybobbob: TrueCrypt does the best it can, but it won’t help you much. If a drive contains all-zeros (or all-ones) you could plausibly claim it’s blank, but a drive with gigabytes of pseudo-random data is going to scream “encryption” to anyone tech-savvy.
TrueCrypt can conceal the content of your data.
TrueCrypt cannot conceal the existence of your data.
Worse still: an encrypted drive which is subsequently “erased” by destroying the master key block(s). It still looks like a drive stuffed with encrypted data, but even if you can and do provide the passphrase you won’t be able to decrypt it. And will therefore remain in jail for failure to decrypt.
Using steganography after the encryption might help, though I don’t know of any software that does it at such a large scale and suspect that it doesn’t help much at such scale either.