inside the man

Wednesday, May 25, 2005

If you use PGP, you may be a pervert

A disturbing ruling from the Minnesota justice system. The fact that a man charged with taking nude photographs of a minor had PGP installed on his computer - even though he had not encrypted anything with it - was admitted as evidence against the man. This decision was upheld on appeal this week.

"The case, although never put before a jury, could establish the precedent that the use of an encryption programme might be admitted as evidence of criminal intent, at least in Minnesota. The attitude seems to be 'if you have nothing to hide why do you need secrecy tools'"

3 comments:

Anonymous said...

What if you use Password Safe and random passwords for all applications?

Lazy Programmer said...

This is sort of one-sided; when an admission of guilt occurs, all defense goes out the window. While the prosecutors can always admit encryption software as evidence of wrongdoing, the defense can always bring reasons for the software to mitigate the factors...
This is not really a precedent, as it is consistent with evidence rules in other fields.
Usually this type of testimony is called circumstantial evidence.
PGP file level encryption is not a high enough encryption level to block an investigation in any case as EnCase has tools to crack that level of encryption.
The only truly safe encryption level is disk level encryption (I believe PGP has a disk level encryption tool).
That level of encryption will actually thwart investigators unless they get the user name and password or capture the computer while it is running and accessible.
R

Lazy Programmer said...

This is sort of one-sided; when an admission of guilt occurs, all defense goes out the window. While the prosecution can always admit encryption software as evidence of wrongdoing, the defense can always bring reasons for the software to mitigate the factors, such as "I am paranoid about hackers" or "I have access to secure or private data".
This is not really a precedent, as it is consistent with evidence rules in other fields.
Usually this type of testimony is called circumstantial evidence.
PGP file level encryption is not a high enough encryption level to block an investigation in any case as EnCase has tools to crack that level of encryption.
The only truly safe encryption level is disk level encryption (I believe PGP has a disk level encryption tool).
That level of encryption will actually thwart investigators unless they get the user name and password or capture the computer while it is running and accessible.
LP

About Me

Edmonton, Alberta, Canada
Returned to working as a Management Consultant, specializing in risk, security, and regulatory compliance, with Fujitsu Canada after running the IT shop in the largest library in the South Pacific.

This work is licensed under a Creative Commons Developing Nations license.