Update: Man jailed indefinitely for refusing to decrypt hard drives loses appeal

[steven36]

Our client has now been in custody for almost 18 months,” defense attorney says.

 

 

On Monday, a US federal appeals court sided against a former Philadelphia police officer who has been in jail 17 months because he invoked his Fifth Amendment right against compelled self-incrimination. He had refused to comply with a court order commanding him to unlock two hard drives the authorities say contain child porn.

 

The 3-0 decision (PDF) by the 3rd US Circuit Court of Appeals means that the suspect, Francis Rawls, likely will remain jailed indefinitely or until the order (PDF) finding him in contempt of court is lifted or overturned. However, he still can comply with the order and unlock two FileVault encrypted drives connected to his Apple Mac Pro. Using a warrant, authorities seized those drives from his residence in 2015. While Rawls could get out from under the contempt order by unlocking those drives, doing so might expose him to other legal troubles.

 

 

In deciding against Rawls, the court of appeals found that the constitutional rights against being compelled to testify against oneself were not being breached. That's because the appeals court, like the police, agreed that the presence of child porn on his drives was a "foregone conclusion." The Fifth Amendment, at its most basic level, protects suspects from being forced to disclose incriminating evidence. In this instance, however, the authorities said they already know there's child porn on the drives, so Rawls' constitutional rights aren't compromised.

 

The Philadelphia-based appeals court ruled:

Quote

Forensic examination also disclosed that Doe [Rawls] had downloaded thousands of files known by their "hash" values to be child pornography. The files, however, were not on the Mac Pro, but instead had been stored on the encrypted external hard drives. Accordingly, the files themselves could not be accessed.

 

The court also noted that the authorities "found [on the Mac Book Pro] one image depicting a pubescent girl in a sexually suggestive position and logs that suggested the user had visited groups with titles common in child exploitation." They also said the man's sister had "reported" that her brother showed her hundreds of pictures and videos of child pornography. All of this, according to the appeals court, meant that the lower court lawfully ordered Rawls to unlock the drives.

 

 

The Magistrate Judge did not commit a clear or obvious error in his application of the foregone conclusion doctrine," the court ruled. "In this regard, the Magistrate Judge rested his decision rejecting the Fifth Amendment challenge on factual findings that are amply supported by the record."

 

The suspect's attorney, Federal Public Defender Keith Donoghue, was disappointed by the ruling.

 

"The fact remains that the government has not brought charges," Donoghue said in a telephone interview. "Our client has now been in custody for almost 18 months based on his assertion of his Fifth Amendment right against compelled self-incrimination."

 

A child-porn investigation focused on Rawls when the authorities were monitoring the online network, Freenet.

 

The decision from the appeals court comes as encryption is becoming more common on mobile phones and computers. What's more, encryption has seemingly become part of the national political discussion concerning whether governments should demand that companies bake backdoors into their encrypted products so that authorities can access content on encrypted devices.

 

The Supreme Court has never ruled on the forced decryption issue. A different federal appeals court, the 10th US Circuit Court of Appeals based in Denver, ruled in 2012 that a bank-fraud defendant must decrypt her laptop. The order wasn't enforced, however, as the authorities eventually accessed the laptop without her assistance.

 

The contempt-of-court order against Rawls was obtained by authorities citing the 1789 All Writs Act. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple, in which a magistrate judge ordered Apple to produce code to enable the FBI to decrypt the iPhone used by one of two shooters who killed 14 people at a San Bernardino County government building. The government dropped the case when authorities paid a reported $1 million for a hack.

 

"Unless the suspect unlocks the drives or a court unwinds the order, he will remain jailed," Marc Rumold, an Electronic Frontier Foundation staff attorney who filed a friend-of-the-court brief in the case, said in a telephone interview.

 

In that brief, the EFF said "compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them. The Fifth Amendment provides an absolute privilege against such self-incriminating compelled decryption."

 

The authorities, however, said no testimony was needed from Rawls. Rather, they said, (PDF) "he can keep his passwords to himself" and "produce his computer and hard drives in an unencrypted state."

 

 

By David Kravets

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

 

[David]

Encryption for good and for bad...

[steven36]

1 hour ago, David said:

Encryption for good and for bad...

The reason they stopped making TrueCrypt was the guy who invented it was busted for drugs and weapons smuggling and he started ratting everyone out and they started getting arrested and most likely he told law enforcement it's weakness . Right after this they stop updating  it and put a warning up not to use it. Same with the Tor Exploit  they got a dev  to help them exploit it.  

 

Encryption has always been used for good and Evil even Hitler used it.  But many times its someone who was involved in making the code who exposes it. That's why they want back doors in it  because the government has never been able to unlock it without help. And they can backdoor  it all they want in the USA  but that dont stop DEVS from overseas making it were they cant put backdoors in it . So it's easier said than done than ,just making a law for one country can not control it. It just will cause people to seek non USA made  encryption.  

 

A  good example of this is China already put backdoors in  software and hardware also they  banned encryption but  that don't stop people in China  from finding ways around the great firewall  and it also dont stop them from downloading software from other places that dont have backdoors in it.

 

Hidden Backdoor Found in Chinese-Made Equipment. Nothing New! Move Along!

https://www.bleepingcomputer.com/news/security/hidden-backdoor-found-in-chinese-made-equipment-nothing-new-move-along/

Encryption Is Worldwide: Yet Another Reason Why a US Ban Makes No Sense

https://www.wired.com/2016/02/encryption-is-worldwide-yet-another-reason-why-a-us-ban-makes-no-sense/

 

[straycat19]

2 hours ago, steven36 said:

The reason they stopped making TrueCrypt was the guy who invented it was busted for drugs and weapons smuggling and he started ratting everyone out and they started getting arrested and most likely he told law enforcement it's weakness .

 

There is no proof, as of this year, that Paul Le Roux was the developer of Truecrypt.  The developing 'team' in 2004 was anonymous, though employees at SecurStar thought that Le Roux, a former employee, was behind it.  That has never been proven and no specific individual was connected with its development until 2014 when Professor Matthew Green of John Hopkins University came forward as the leader of the Truecrypt audit.  Le Roux testified in court in 2016 that he was not the developer and there is no information to contradict that testimony.  He was a DEA informant but there is nothing connecting him with divulging any weakness in Truecrypt. Truecrypt went under several different releases under different licenses   There are two current forks of Truecrypt, called CipherShed and Veracrypt.  Gibson Research has a webpage dedicated to Truecrypt in which Steve Gibson declares it is still safe to use.

 

https://www.grc.com/misc/truecrypt/truecrypt.htm

 

[steven36]

1 hour ago, straycat19 said:

 

There is no proof, as of this year, that Paul Le Roux was the developer of Truecrypt.  The developing 'team' in 2004 was anonymous, though employees at SecurStar thought that Le Roux, a former employee, was behind it.  That has never been proven and no specific individual was connected with its development until 2014 when Professor Matthew Green of John Hopkins University came forward as the leader of the Truecrypt audit.  Le Roux testified in court in 2016 that he was not the developer and there is no information to contradict that testimony.  He was a DEA informant but there is nothing connecting him with divulging any weakness in Truecrypt. Truecrypt went under several different releases under different licenses   There are two current forks of Truecrypt, called CipherShed and Veracrypt.  Gibson Research has a webpage dedicated to Truecrypt in which Steve Gibson declares it is still safe to use.

 

https://www.grc.com/misc/truecrypt/truecrypt.htm

 

These forks should be illegal too because iit never was open source

 

Quote

 

28 May 2014 announcement of discontinuation of TrueCrypt also came with a new version 7.2 of the software. Among the many changes to the source code from the previous release were changes to the TrueCrypt License — including removal of specific language that required attribution of TrueCrypt as well as a link to the official website to be included on any derivative products — forming a license version 3.1.

On 16 June 2014, the only alleged TrueCrypt developer still answering email replied to a message by Matthew Green with regards to the licensing situation. He is not willing to change the license to an open source one, believes that Truecrypt should not be forked, and that if someone wants to create a new version they should start from scratch.

 

https://en.wikipedia.org/wiki/TrueCrypt

CipherShed and Veracrypt. stole the code  lol Sorry i dont believe nothing Le Roux says one of the 1st things cops are taught  is too lie in court  to get  a conviction .I had them lie on me before  and little did they know i had proof in my hand they was lying  and i got them good!

 

Le Roux was a CI who worked for the police who would do or say anything too stay out of jail and I should believe anything he said in court?

 

Quote

Le Roux’s involvement with TrueCrypt still remains unclear as of 2016. Le Roux himself has denied developing TrueCrypt in a court hearing in March 2016, in which he also confirmed he had written E4M.On the other hand, he reportedly ordered employees around 2007 to encrypt their hard disks with E4M and later with TrueCrypyt

https://en.wikipedia.org/wiki/Paul_Le_Roux

Witch leads me to believe he lied in court ..!

[steven36]

 

Quote

 

The Mastermind Episode 3:

How did a Usenet troll and encryption genius become a criminal mastermind?

 

For a man who built an empire in pixels, Paul Le Roux seemed like a digital phantom. After his name surfaced in the press in late 2014, I spent the better part of a year trying to understand him through the same means by which he’d directed his massive pharmacy business: the Internet. Late at night, I would open my laptop and plunge into an online wormhole, searching for clues about who Le Roux had been and what he became.

 

 

There I found another Paul Le Roux, from another time—one who’d left his trace in archived copies of long-dormant websites and message boards. This Le Roux had been famous among a small community of hackers and privacy geeks in the early 2000s as the author of an important piece of encryption software. Before encryption was a mainstream idea, before Apple defied a U.S. government request to provide a method to unlock our phones, this Le Roux had written the underlying code of a program that, a decade and a half later, the National Security Agency still could not break.

 

 

The question was: Could the Le Roux who politely answered jargon-laden posts about encryption software be the same one who ordered the murder of a real estate agent over a bad deal on a beach house? At first I thought I would never know. The former Paul Le Roux seemed to have disappeared from the Internet in 2004. Encryption experts I contacted had no idea what had become of that Le Roux, and there was no evidence linking him to the man known for drugs and gun running.

 

 

One night in October, I had been at the computer for hours when I finally found the missing link. It was a website once registered to the encryption Le Roux, in the early 2000s, and later transferred to a Philippine company controlled by the crime-boss Le Roux. My immediate reaction upon discovering this connection was a sudden and irrational fear: Le Roux was something new, a self-made cartel boss whose origins were not in family connections but in code. Not just any code, but encryption software that would play a role in world events a dozen years after he created it.

 

 

I stared at the address on the screen, a post-office box in Manila, left now with a still larger mystery: What had turned the earnest, brilliant programmer into an international criminal, with a trail of bodies in his wake?

---

One way that hackers and government agencies break into encrypted files and communications is through something called a brute-force attack. The process involves trying every possible combination of letters, numbers, and symbols that might make up a password. Brute-force attacks require enormous computing resources, and the strongest encryption renders them impossible simply by making the number of combinations so large that it would take lifetimes to find the correct one.

 

 

When I began my research into Le Roux, he struck me as a kind of encrypted mystery. A few scant details about his criminal existence had been reported in the media, mostly speculations about the mythological size and scope of his empire, but there was little about who he was or how he had built it.

 

 

At first I tried my own version of a brute-force attack. Le Roux’s name had surfaced in a court filing associated with the case of Joseph Hunter, his ex-enforcer, and another connected to RX Limited, his prescription-drug firm. I made a list of every name, company, and location in the documents of those cases and began looking them up online, separately and in combination.

 

 

Amid the vastness of the Internet, there were an almost infinite number of ways for me to search for evidence of his existence. I would start with a scrap of information—say Your-pills.com, one of the thousands of sites affiliated with RX Limited—and trace its connections. Who owned the site and when? Which mailing address was it registered to? Each of those formed a new starting point.

 

 

After months of rote data collection, I had amassed tens of thousands of pages of research. There were snippets from long-dead message boards from the early 2000s, Hong Kong legal databases, and obscure newsletters put out by the Australian Federal Police. Here was Le Roux listed as a director of a company in the UK called SSD Software in 2001. There was his name popping up in a 2008 FCC complaint regarding a company in Florida making a marketing call to someone on the National Do Not Call Registry.

 

 

The data points were tantalizing, but ultimately the mystery was too complex for brute force. Another way to crack encryption is called a back door. If a government can convince a software maker to create a secret way into a program, and to share that key only with the government, then the secrets protected by that software will reveal themselves. 

 

 

I needed a back door into Paul Le Roux’s life. Then, two weeks ago, a key dropped into my inbox.

 

About The Mastermind

He was a brilliant programmer and a vicious cartel boss who became a prized U.S. government asset. The Atavist Magazine presents a story of an elusive criminal kingpin, told in weekly installments. (And a coming book, from Random House.) New here? Start with Episode 1.

 

https://magazine.atavist.com/the-mastermind