I see. I think this is my understanding of where the hashes come in -- law enforcement doesn't keep child porn around for comparison. That would be asking for abuse. They instead keep a list of cryptographic hashes of identified child porn files, and they want to see if this hard drive, once decrypted, has any files that match those hashes.
Seems easily defeated by a technical adversary, but probably good enough for most police work.
If the drive is encrypted, how can they say in contains hashes of know illegal content? Unless the content is shared in its encrypted form along with the key... This sounds like BS on their part.
The truly interesting bit, will be when a case of (real or alleged) multiple hidden encrypted volumes is publicized.
If the government feels the information they want is on a laptop, the laptop's owner would suddenly find themselves forced to prove a negative (there are no more hidden volumes), lest they be held in contempt.
If they can seemingly compel you to reveal something they can't proven even exists and lock you up until you can prove that it doesn't, the door for abuses isn't even wide open; it'll have been removed from its hinges along with most of the wall.
Well yes anything that's encrypted could potentially turn out to be evidence of a crime when decrypted, but we don't usually assume that the use of encryption is indicative of that
This would be doubly interesting, as it would mean the key he was carrying for the one file would be a smoke screen of sorts.
Of course, with UK law saying they can detain you indefinitely until you hand over your keys if they think a file is encrypted, that might not be a good move... though obviously in retrospect they didn't make use of that here.
Suspect has a stash of illegal pornography. He encrypts that. He then encrypts some embarrassing, but legal, pornography. When he's asked for the key he can hand over the fake key.
Before they ask for the keys they should have enough information to know how bad the files are, so you're right in that respect. "We know what kind of stuff you have, so decrypt it and we can punish you for what you actually have, or face five years for not decrypting". But don't forget that sometimes they have no idea what the file is, or if the person is involved in any offending behaviour, and they've found the encrypted file after some other investigation.
In that situation it'd be handy to give them a fake key for fake data.
(None of this is to suggest that this tool is any good for that purpose)
If they've linked specific hashes to known CP content, then presumably they have those files available. They can still present that as evidence, then have the experts testify that those specific files are known to have been on the drive.
Going to the Supreme Court specifically on the forced-decryption issue sends a pretty strong signal that that's what they actually care about.
This could be example of parallel construction[1]. They may already have unencrypted it via a backdoor, but they wouldn't be able to use anything they find as evidence in court because they'd have to reveal the backdoor. If they can plausibly show they brute-forced it instead, they keep the backdoor hidden.
Not to mention the obvious legal ramifications, even of encrypted data - in the UK, it's a crime not to give up the key to encrypted data, even if you claim to not have it (though I would hope in this case it's provable you really never did, and that would somehow help.)
IANAL, but my understanding of current American law is that if the material is deemed by a judge to be evidence, and you can decrypt it, and you won't decrypt it, you can be held in contempt of court.
Interesting, didn't think it could be Freenet related, as lists of hashes during synchronisation was stated. If so it could explain why the prosecution want the drive decryped although they on the surface seems to have enough evidence.
But then the foregone conclusion argument could to be slightly disingenuous, depending on exact details which appears to be unknown at the moment?
True, but I don't think that's a concern for most people.
What are the practical implications? The only one I can think of is if someone were trying to prove in court that you had a particular file.
A related question I've been wondering about is whether a hash or key+ciphertext are considered proof of possession of the original file. In theory an infinite number of files have the same hash, and the ciphertext could have been produced using a different key (or it could just be random data). In practice it's extremely unlikely (for sufficiently secure hash and encryption functions). What are the laws'/courts' views on cryptography?
reply