Posted on 05/24/2005 9:56:37 PM PDT by atomic_dog
A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent.
Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif.
But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict.
"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
Randall favorably cited testimony given by retired police officer Brooke Schaub, who prepared a computer forensics report--called an EnCase Report--for the prosecution. Schaub testified that PGP "can basically encrypt any file" and "other than the National Security Agency," nobody could break it.
The court didn't say that police had unearthed any encrypted files or how it would view the use of standard software like OS X's FileVault. Rather, Levie's conviction was based on the in-person testimony of the girl who said she was paid to pose nude, coupled with the history of searches for "Lolitas" in Levie's Web browser.
Judge Thomas Bibus had convicted Levie of two counts of attempted use of a minor in a sexual performance and two counts of solicitation of a child to engage in sexual conduct. The appeals court reversed the two convictions for attempted use of a minor, upheld the two solicitation convictions, and sent the case back to Bibus for a new sentence.
Using that logic, the presence of door locks on your house also indicates that you have something to hide, and therefore implies criminal intent.
More incompetent drivel from the bench. For the record, I have PGP8 installed and use it because my account ledgers, passowrd files, and business records are all stored on my computer. Since I have a wireless network, intrusion is a possibility and I encrypt my files to ensure that NOBODY can get into them without my authorization. I guess that makes me a criminal.
Kelly,
You're confused about the issues. Catching and punishing this clown for child porn and molestation is a good thing - a very good thing.
The judge making an idiotic ruling on possession of perfectly legal software is NOT a good thing. Possession of it is not indication whatsoever of criminal intent.
Possession of a gun (I have several) is not indication of criminal intent.
Possession of a car which he uses to entice little girls into is not indication of criminal intent.
Separate the innocent tools from the horrific criminal behavior and we'll all be happier. This judge's ruling is lunacy and imputes criminal intent to millions - utterly unjustifiably.
Please don't misunderstand me - I condemn this guys actions and am glad he's going to jail.
I also am glad "...that finally there is some action being taken by right minded judges concerning the vile sickening scum out there preying on our children..." Perverts like these need to be locked up and the key thrown away, and capital punishment is justified for many of them.
Unfortunately, the article doesn't give us all of the facts of the case. If the perp's computer did not actually contain any encrypted files, then having the program is irrelevant. (I'm still glad he was found guilty and will be punished.)
Let's use your example in post # 56:
"Purchasing a legal firearm prior to a murder IS however compelling evidence of the intent to commit crime (with premeditation),..."
Suppose that the victim in the above situation was stabbed to death and has no trace of gunshot wounds. Even though other evidence may show motive, means (a knife), and opportunity - how could the purchase and ownership of a firearm possibly be used to prove criminal intent. In other words, if the firearm, software, or other so-called evidence is proven to NOT have been used in the commission of the crime, how can it's possession be shown to be criminal intent. Perhaps, a circumstantial case might be built with eyewitnesses, self-incriminating statements of the accused, etc., but I think it would be very difficult. Why include it at all when other evidence is sufficient to incriminate and convict him?
The rest of your statement
"...when placed before a jury in CONJUNCTION with the appropriate substantive and circumstantial evidence. Please note the importance of the legal standard of evidence is not prejudiced (beyond reasonable doubt)"
apparently assumes that encrypted files WERE found on his computer, which was not stated in the article. The rest of the evidence had nothing to do with encryption.
One final note - the availability of encryption is, IMHO, not a problem for our government. With the super-computers available to the NSA, etc., even 256k bit encryption can be cracked - just takes a little longer.
Thanks for the update.
FReegards,
RT
Word 2.0 isn't compatible with XP either. So what? PGP 8.0 and above (the latest version is 9.0) runs fine on XP. Your blanket statement that PGP is not compatible with XP is nonsense - as much as saying Microsoft Word is not compatible with XP.
"Your blanket statement that PGP is not compatible with XP is nonsense - as much as saying Microsoft Word is not compatible with XP."
Apparently, you didn't read all of my post # 44 where I indicated that I was previously unaware that a newer version of PGP had been released and was compatible with XP - facts which I mentioned in that post and gave links to the newer version. As I stated therein, I lost all interest in PGP (as did a great many others) when the creator, Zimmerman, left Network Associates and could not guarantee that all future versions would be back-door free & that NAI would no longer provide complete source code. This was a big deal at the time for many people and many swore off PGP, as I did.
My first post to which you originally replied was not totally wrong, but was incomplete, as I should have included the version # which caused the problem. I admit that I was careless in believing that the version # didn't matter and assuming that the last version ever created was 7.03 NAI did little to support PGP, and their support department had implied to me that future versions beyond 7.03 were doubtful as they were having trouble making it compatible with XP. I was unaware that they sold the rights to another company which became the source of versions 8 & 9.
Now, the only question is: why are you still harping on this? I've corrected my original post and explained it several times in various subsequent posts to you and others. Do you enjoy berating others? Are you deliberately baiting me and trying to start a flame war?
Since you are a newbie, I will give you the benefit of the doubt and a tip. Most FReepers are more polite when pointing out a mistake, error, or false assumption made by another FReeper, saving the flames and sarcasm for liberals, Rinos, media, and Democrats. Long time posters here will remember when that was not the case, such as the major flame wars in the late 90's. I don't think any of us really want to return to those days (and the mods help prevent that from happening).
Thanks, but no thanks. I need neither tips nor advice from you. I am not a newbie to online forums. Here's one for you, though. You need to check your facts more carefully before posting sweeping statements. I spend a good part of my day answering (and asking) questions on IT matters. I learned the importance of that many years ago.
I admit that I was careless...
OK. Apology accepted (I think that was an apology!). I regret taking such a personal tone in my response and for not reading your reply to me more carefully. I admit to being impatient with people that come across, ummm, pompously.
IN CONJUNCTION with other substantive evidence you are right...but on it's own encryption or other security software should not be seen as 'evidence' of someone "having something to hide" or "he must be guilty of SOMEthing" because if this becomes precedent or even common perception then Liberty WILL be further eroded.
"They'll snip one sentence out of the juris dictum and use that to bolster another case."
Well that's how the art of Law 'advances' eh...by clever lawyers taking one ruling and trying to stretch it to encompass more than originally intended...and sometimes in their zeal to do that in service of their clients they'll take just a part and try to apply it out of context or twist it into an unrecognizable form...bad precedents CAN be established that way and one has to hope then that equally clever good lawyers will rise up against those bad precedents and endeavour to return Law to Justice through appeals or equally 'creative' citings or making counterarguments in other cases.
Check out Kryptel.
See post #73
Not correct, unless "a little longer" means "trillions of times longer than the age of the universe". A 256-bit encryption key is effectively unbreakable by brute force; there are 2^256 possible keys, and the entire energy output of the sun over its lifetime is insufficient to even count that high on a computer, let alone test every key.
Breaking encryption with sufficiently large keys can't be done with CPU power alone; you need to find mathematical flaws in the encryption algorithm which allow you to vastly accelerate the search for the key. Current algorithms have no known flaws of that nature, although it's entirely possible the NSA knows things that we don't.
"Check out Kryptel."
Thanks for the link. I'll check it out.
Just to clarify, PGP version 7.03 (& before) is the version which is not compatible with WinXP, although version 7.03 will run under Win2k. Versions 8 & 9 are compatible with WinXP and don't seem to have any problems according to others who are running it.
"why is this? PGP no like NTFS?"
PGP version 7.03 (& before) is the version which is not compatible with WinXP, although version 7.03 will run under Win2k, so it's probably not an NTFS issue, but I'm not sure on that. According to what Microsoft implied in their knowledge base, the problem had something to do with WinXP's implementation of the TCP/IP stack.
PGP versions 8 & 9 are compatible with WinXP and don't seem to have any problems according to others who are running it.
Regarding brute force, the following was posted five years ago on alt.security.pgp. Feel free to apply Moore's Law and inflation...
1) [Assume that] the run of the mill desktop NSA computer is actually Blue Pacific, used by the DOE to perform nuclear weapons simulations, which can perform 3.9 trillion calculations per second. 2) That the NSA can check one key per calculation. 3) That NSA can buy these computers for one penny each. (actual cost 96 million dollars) 4) That these computers can be run for free without wearing out or using electricity. 4) That the NSA is willing to spend one billion dollars to crack the session key for this one message, thus using 100 billion computers. 5) There are roughly 3.155e7 seconds in a year. 6) On average 1/2 of all keys need to be checked to find the correct one. 3.4e38 / 3.9e12 / 1e11 / 3.15e7 / 2 = 13.8 million years. Moore's Law predicts every 18 months that passes will cut this figure roughly in half. Thus in 30 years the estimate will have dropped to only 12.8 thousand years. :) Moore's Law is holding pretty firm, Blue Pacific is roughly 40 million times more powerful than the computer that put John Glen into space, the law predicts an increase of 42 million times as powerful for that time span. However, the number of transistors is encroaching on physical limits, Gordon Moore says that around 2017 physical limits (on the atomic scale) will severely slow down further process.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.