Bruce Scheier reports on some intersting comments regarding the recent Minnesota court hearing that just having PGP on your computer can be used as evidence against you:
The opinion is not explicit that the PGP evidence was used to show criminal intent or consciousness of guilt, but I think that is fairly implied, especially since the court is not clear or specific about the relevance of the PGP evidence to the problem of the missing child porn photos. Police did not find encrypted files on the defendant’s machine, or evidence that the illegal pictures were encrypted or erased. The opinion references the defendant’s “encrypting capability” in the context of other evidence he expected the police to raid him, which could be read either as consciousness of guilt, or as reasn to believe he disposed of the photos. And the victim’s testimony that defendant took digital photos of her is not corroborated by the encryption technology in the strict sens of that word. So there is reason to believe that the court drew a broad negative inference from the mere presence of encryption technologies, and this is the reason for concern.
Perhaps more worrisome isn’t what this opinion says or doesn’t say, but how it could be used by courts looking at this issue in the future. This is why its important for appellate courts to be more explicit about exactly what they are ruling.
Like I said before, this is a VERY dangerous path they are treading on….
This is truly a most worry some development in my opinion.
The quality of the courts ruling in this case leaves much confusion due to its failure to clearly state what the court means. It is much too broad in it’s implications as to the use of encryption software. From a specific case that dealt with child pornography the court has left open the question of any use of encryption software being an indication of guilt.
That is not what should be drawn from this ruling or this case but that is what can be construed from reading this opinion if you so chose. When a broad poorly written court opinion gets handed down it leads to problems. This ruling is certainly poorly written and will certainly result in problems down the road for all users of encryption software.
It is also interesting to note that since Microsoft XP has an encryption feature built in that all users have available encryption software and encryption capabilities if they are using XP. I wonder if that means we could all be considered suspect just because we COULD use encryption with XP if we choose too.