Friday, February 15, 2008

And the password for your dirty pictures is...

Watch my lips. I use a password so no one else can see what’s on my computer--I have often wondered about this: What happens if a cop or a judge orders you to give them the password for your computer? Do you have to give it to them? After all, you encrypted the damned thing so other people wouldn’t see what’s on it. A Canadian named Sebastien Boucher is in just such a jam in Vermont.

Boucher, who lives in Vermont, crossed the border into the U.S. with his father. Customs agents inspected his laptop computer and found child pornography on it. He was arrested and could face as much as 20 years in prison on the child pornography charge. But after his arrest, they tried to access the files again and found them blocked by Pretty Good Privacy (PGP), an excellent encryption program that requires a password. They asked him for the password and he refused. Can he be forced to give it up?

Boucher said he frequently downloads adult pornography, making him one of, oh about 20 million people. He says sometimes he accidentally gets a child pornography site and when he sees it, he deletes it.

Now the fun starts.

A grand jury ordered him to give up the password. A federal magistrate quashed the order. See, he can’t be required to give up the password because that would violate his Fifth Amendment Rights on self-incrimination. Warrants won’t work because a password is not a physical thing like a container or a house. It exists only in his mind, the magistrate wrote. You can’t issue a warrant on the brain. The feds could turn the computer over to the computer boffins at say the FBI or NSA but the only thing they can do is run an automated guessing program and that could take decades to bust.

The government, of course, has appealed. Good luck to Mr. Boucher.

Programs like PGP (I’ve used it) base the encryption on a program that generates random numbers. Every time you encrypt something, the program issues a password based on that number that can be used to decrypt the fiel. You need to know the number to unlock the encryption. Many programs, including probably the browser you are reading this on, have encryption although programs like PGP are for hiding specific items or disks and virtually unbreakable. Many businesses use it, and even intelligence groups hide files with PGP.

For years, security experts have worried that someone (probably the buffoons in Congress) would require the software to include a “backdoor” to encryption programs so that the government or law enforcement agencies, could break them quickly. This was especially true after 9/11 although there is no evidence 9/11 had anything to do with encrypted messages. There were wild rumors after Microsoft released Vista that it came with a backdoor, and after the government issued new encryption standards, the web was alive with rumors the NSA had slipped a backdoor into the code. The rumor was reinforced by the fact the standards were sloppy and what would you expect from our government? Both rumors appear at this time to be erroneous.

So far, it appears, there are no backdoors yet, and the law so far is on Boucher’s side. If I encrypt something I have absolutely no obligation to reveal the password. So far.


Daro said...

Hello Joel,

I had a little giggle given that I couldn't fine an email address to write you on your blog.. (given your gravitas and ah.. field of expertise! ) Probably missed it somewhere but in your profile, AOL is stepping in to merss things up! Your address display is failing if they don't have the "aim" extension registered. Email me if you like for a screenshot of what I'm talking about...

Daro said...

..and the email was going to be about..?
Oh, yes.. Your namesake tried to save a life in the face of Corporate callousness and indifference but (as the Russians say) the end was the same as always. A sad story...
Airline defends response after in-flight death

Doctors, nurses stepped in
The doctor, Joel Shulkin, was one of several medical professionals who stepped in after flight attendants asked if any were on board. Shulkin said through his attorney, Justin Nadeau, that two emergency medical technicians performed CPR on Desir, a diabetic.

larry Maxcy said...


Joel Shulkin is Joel's Japanese cousin.

Daro said...

Oh really... that's quite bizarre... and tragic of course. The family could at least be comforted that the real people on the planet (not in uniform) did all they could in contrast to the images struck in M. Moore's film "SICKO". One news source (I recall) said the doctor was very upset during the incident due to a non-attaching/matching breather device to the o2 tank... I've been living in Tokyo for ten years so I can say the image of Japanese being overly pedantic attention to detail is softened by the largely unknown national belief in giving a smile and taking the positive attitude to matters. But for some "Holy Cow" issues here there's no tolerance. I suppose I'm being ironic because I'm referring to the concept of service to the customer not adequate medical infrastructure. Many people die needlessly due to local J Pharmas blocking drugs that would wipe their own off the market. But the idea that a flagship of service (aka an international airline) lacking so much empathy for the customer who has placed their trust in the organisation smacks almost of a criminally callous mindset.. The culture is really that severe any slack in service.

Wanna write more - gotta go - interview, but maybe you could tell Tokyo Joel I was genuinely left admiring the reporting of his force and action in the incident accurately reflecting the proportional importance of a life, even of a total stranger juxtaposed with the paid, responsible and entrusted guardians and their "burdonesome passenger bracketing" auto-policy.

Blasphermour said...

Thanks for all the info. More people need to be made aware of this GOOD information.The information is ery meaningful to whom needed. Interesting!! tHANKS !!