[TheRealDunkirk]

To me, this whole thing smells of the classic tactic of telling the guy, "We know you're guilty; just confess, and we'll go easy on you." Which, of course, is a lie.

So I am of the opposite opinion. If the hash information isn't enough to try him with, then I'd rather he go free, than set a precedent that it's acceptable for a court to compel someone to decrypt information because someone in law enforcement just "knows" the evidence is there. Because once this order is allowed to stand, the level of certainty required to compel decryption is going to continually be lowered.

[mjolk]

> To me, this whole thing smells of the classic tactic of telling the guy, "We know you're guilty; just confess, and we'll go easy on you." Which, of course, is a lie...If the hash information isn't enough to try him with, then I'd rather he go free, than set a precedent that it's acceptable for a court to compel someone to decrypt information because someone in law enforcement just "knows" the evidence is there.

I'm sympathetic to why you'd be cautious, but that's not fitting in this case -- this is a highly specific case with a number of circumstances that meaningfully differentiate it from the generic case of providing decrypted media. He's guilty and the checksums are enough to convict him (we're talking many checksums, metadata, partial confessions) and this is about him frustrating the discovery process.

> Because once this order is allowed to stand, the level of certainty required to compel decryption is going to continually be lowered.

This is a slippery slope fallacy. I had some leaning towards this perspective, but then I read the source document, which goes into far more detail. There's a definite nuance to this case.

[TheRealDunkirk]

I appreciate what you're saying about a slippery slope, but I don't find that the nuance of this case necessarily makes it a fallacy. The judge has compelled decryption based on hashes of files left around in logs on the hard drive, but what if an ISP reports that files with those hashes have been downloaded by a particular IP address?

The FBI gets a warrant, executes a raid, picks up every piece of electronic equipment in the place, but can't find the files the ISP says should be there. Can the defendant, in this case, be compelled to decrypt an encrypted hard drive file or partition at this point, because law enforcement "knows" that those files are somewhere in his (digital) possession? What if it were a guest in his house? What if it were the neighbor, stealing wifi?

Based on this precedent, I think another judge could find reasonable cause to compel in that scenario. Is this a violation of the 5th Amendment? The defense FOR the judge's actions in this case -- based on other reasoning in this thread -- is that only files with those hashes could be used against him, at this point. In this hypothetical case, though, what if LE found OTHER files of child pornography? Would they be admissable? Alternatively, if they found other material (e.g, bomb-making), could it be used against him in a separate case? I'm not sure I trust the government in either one of these situations.

It seems highly likely that we'll get a government employee's opinion on precisely this scenario someday, and I don't think that this employee is going to find in a manner against his employer. As with so many other of the Constitutional protections of the Bill of Rights, they've slowly been chipped away in precisely these kinds of legal "corner cases." Sue me for being paranoid.

Have we not spent the past couple of years confirming that the "slippery slope" of catching "bad guys" has, in fact, completely eliminated the protection of the 4th Amendment for communications? You could argue that it hasn't, because the government hasn't prosecuted a citizen based on the warrantless, wholesale monitoring of any and all electronic communications -- THAT WE KNOW OF -- but it's extraordinarily clear that shouldn't be happening in the first place, according The Constitution.

[mjolk]

I'm glad you didn't take offense to me making reference to the fallacy as I appreciate our conversation and wasn't sure how else to express that thought.

If you haven't done so, check out the source document for the article as Arstechnica didn't include some important details (and the headline "Man jailed indefinitely for refusing to decrypt hard drives loses appeal" talks past what is actually happening): https://arstechnica.com/wp-content/uploads/2017/03/rawlsopin...

> ...but what if an ISP reports that files with those hashes have been downloaded by a particular IP address? ... but can't find the files the ISP says should be there.

I think this case is particular due to the lack of breaks in the chain. In your hypothetical, law enforcement and the prosecution have _vastly less information_ than in this actual case.

Law enforcement knew the path from a remote source, to (presumably dhcp lease based) ISP records, to the laptop that accessed the content (known to be the defendant's), to checksums in logs matching a physical drive (also known to be the defendant's). Coupled with other evidence, the defendant frustrating the process by pretending to no longer know the decryption phrase, and partial admissions of guilt by the defendant, this is a vast distance than a hypothetical case of "someone from this IP address downloaded Game of Thrones Season 1 from bittorrent, so hand over anything that can store bytes" (to use a far less disgusting crime to help keep emotion away from the discussion).

> Based on this precedent, I think another judge could find reasonable cause to compel in that scenario.

Luckily, the US justice system is built on nuance; this case wouldn't hold up as a generalizable excuse to compel decryption -- which is why they're invoking the foregone conclusion rule to secure the production of evidence based on the enormity of the other factors.

> In this hypothetical case, though, what if LE found OTHER files of child pornography? Would they be admissable?

I honestly don't know. In this case, the defendant is refusing to provide (multiple pieces of) evidence that is known to exist by checksum and direct file path.

> Alternatively, if they found other material (e.g, bomb-making), could it be used against him in a separate case?

Having information on how to construct a bomb is not illegal, any more than getting a degree in chemistry is illegal, but plotting to kill people with a bomb is legally actionable.

> I'm not sure I trust the government in either one of these situations.

I agree with you, but on a different shade of the argument. I'm suspicious that the ecosystem of justice is built on securing convictions as opposed to seeking objective truths. In this case, I support the government/court based on the information I have.

> As with so many other of the Constitutional protections of the Bill of Rights, they've slowly been chipped away in precisely these kinds of legal "corner cases."

I don't know which other cases to which you're referring, but the argument to be made here is that this isn't a corner case. This is having mathematical certainty that the defendant has evidence and is refusing to hand it over.

> Sue me for being paranoid.

No law against being paranoid :)

> but it's extraordinarily clear that shouldn't be happening in the first place, according The Constitution.

Actual question: where in the constitution is this clearly stated?

[TheRealDunkirk]

> Actual question: where in the constitution is this clearly stated?

You're obviously way more legally savvy than I am. Just goes to prove that a _little_ knowledge is a dangerous thing. Totally agree on the "securing convictions" motivation.

I'm referring to the 4th, about needing a warrant to intercept communications. Is that not clearly stated? Maybe my ignorance is showing again. Doesn't the 4th -- on the face of it -- preclude any system of wholesale collection of electronic communications?

[mjolk]

> You're obviously way more legally savvy than I am. Just goes to prove that a _little_ knowledge is a dangerous thing.

Oh no, don't feel that way. The law is a man-made thing at the intersection of logic and opinion, which is why there's so many laws and tests -- if you haven't read the source document that's linked in the Arstechnica article, I would, as it has a lot of important detail.

> I'm referring to the 4th, about needing a warrant to intercept communications...Doesn't the 4th -- on the face of it -- preclude any system of wholesale collection of electronic communications?

Law enforcement were specifically targeting traffic expected to have child pornography and the people trying to exchange it on freenet who join very-special-purposed groups. Peer-to-peer platforms depend on people being free to join, and having special-purpose groups really helps with the "probable cause" condition of the 4th.

On the back of that, the defendant gave them confirmation of his illegal acts, so this case is about recovering evidence known to exist.