If you use PGP, you may be a pervert
A disturbing ruling from the Minnesota justice system. The fact that a man charged with taking nude photographs of a minor had PGP installed on his computer - even though he had not encrypted anything with it - was admitted as evidence against the man. This decision was held up under appeal this week.
"The case, although never put before a jury, could establish the precendent that the use of an encryption programme might be admitted as evidence of criminal intent, as least in Minnesota. The attitude seems to be 'if you have nothing to hide why do you need secrecy tools'"
inside the man
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2005
(228)
-
▼
May
(48)
- Einstein's cosmosPBS Religion and Ethics has a tho...
- Today's public service announcementThe loon (Quick...
- The trump card falls: copyright infringement linke...
- A Google hack for librariesIn this age of hacking ...
- Security through human visual discriminationSpurre...
- 30th annual German Protestant Convention has recor...
- Today's public service announcementThe harlequin d...
- If you use PGP, you may be a pervertA disturbing r...
- A list of real web application hacking storiesJere...
- White bison for sale!A white bison, a great omen t...
- greasemonkeyI know that I have been slow to get to...
- Publishers protest Google Library projectFirst Eur...
- OpenID PingPong As a follow up to my earlier post...
- The advantage of redThis CBC Quirks and Quarks pod...
- Today's public service announcementThe snow goose ...
- What to do about "Real ID?" Does RealID make you ...
- Proof of concept: browser-based field encryption w...
- A real (beta) example of an Ajax enabled security ...
- What We Want From Our ILS Vendors Mr. Good points...
- Sikh asylum detainee sues US prison authorities ov...
- Green light for the open-ils to proceed to complet...
- Canadian court rejects music industry's quest for ...
- Go in the English language press!It is exciting fo...
- More on Ajax and secure web communicationsIt has b...
- The web is boring, Google can have itThe register ...
- Today's public service announcementThe great blue ...
- Newsweek apologises for flawed Koran desecration r...
- Hacking is good, and now piracy is good too!What's...
- Celebrating over a year of Bailey the buffalo on t...
- Today's public service announcementThe Caribou (Qu...
- Ajax and secure web communicationsUpdated May 13, ...
- VPN crypto flaw The Register reports an IPSec fla...
- Uproar over US Koran desecrationThe Muslim world i...
- Today's public service announcementThe oft malined...
- Bruce Schneier has posted a scathing critique of t...
- Today's public service announcementThe black bear ...
- Free Comic Book Day 2005 Free comic book day is S...
- FUD at slashdot over Google Web Accelerator Assor...
- Teacher-librarian's lamentA StatsCan report was re...
- US federal court rules that universities do not ha...
- The most amazing toilet in CanadaThe Edmonton Japa...
- Today's public service announcementThe cougar (Qui...
- The SANS Top 20 Vulnerabilities consensus list upd...
- Europe resists Google Print Germany, Hungary, Ita...
- Today's public service announcementThe American Ro...
- Go in the Washington Post The April 28, 2005 issu...
- 2005 Alberta Go Tournament Liang Yu has put toget...
- Photographer, I am notLawrence Lessig speaking at ...
-
▼
May
(48)
About Me
- thrashor
- Edmonton, Alberta, Canada
- Returned to working as a Management Consultant, specializing in risk, security, and regulatory compliance, with Fujitsu Canada after running the IT shop in the largest library in the South Pacific.
3 comments:
What if you use Password Safe and random passwords for all applications?
This is sort of one sided, when an admission of guilt occurs, all defense goes out the window, while the Prosecuters can always admit encryption software as evidence of wrong doing, the defens can always bring reasons for the software to mitigate the factors...
This is not really a precedent, as it is consistant with evidence rules in other fields.
Usually this type of testimony called circumstantial evidence.
PGP file level encryption is not a high enough encryption level to block an investigation in any case as EnCase has tools to crack that level of encryption.
The only truly safe encryption level is disk level encryption (I believe PGP has a disk level encryption tool).
That level of encryption will actually thwart investigators unless they get the user name and password or capture the computer while it is running and accessible.
R
This is sort of one sided, when an admission of guilt occurs, all defense goes out the window, while the prosecution can always admit encryption software as evidence of wrong doing, the defense can always bring reasons for the software to mitigate the factors, such as I am paranoid about hackers, or I have access to secure or private data.
This is not really a precedent, as it is consistent with evidence rules in other fields.
Usually this type of testimony called circumstantial evidence.
PGP file level encryption is not a high enough encryption level to block an investigation in any case as EnCase has tools to crack that level of encryption.
The only truly safe encryption level is disk level encryption (I believe PGP has a disk level encryption tool).
That level of encryption will actually thwart investigators unless they get the user name and password or capture the computer while it is running and accessible.
LP
Post a Comment