Cатсн²² (in)sесuяitу / ChrisJohnRiley

This week, news.com broke a story in the US surrounding the Fifth Amendment rights of a defendant to refuse to divulge his PGP encryption passphrase. Putting aside the already widely spoken about issues over the Judge’s decision on the case not to force the defendant to divulge his passphrase, I’d like to touch on the whole reason for these issues, poor first response.

Background .: Back on December 17th 2006, Mr. Boucher and his father passed through a Canadian border post into the United States. After an inspection the officers discovered a laptop, which was searched for banned material. On the hard drive over 40,000 images of pornography (some containing child content) were discovered.

This is the point where the documented course of action wasn’t taken. The Officer in charge of the case at that time, Agent Curtis (an experienced agent with training in recognizing and dealing with child pornography) decided that it was best to seize the laptop after shutting it down.

To those in the know about computer forensics (and even to somebody who is a beginner like myself) this is the cardinal sin of forensics. Before any computer is shutdown the memory and running state should be imaged for later use. If this had been done, then the passphrase used to secure the images should (I resist saying will, as nothing in life is certain) be present in memory. This is yet another case where poor knowledge and/or training on the side of the authorities leads to problems in prosecution.

I’m sure this will happen again, as no system or procedure is 100% perfect. However this shows a clear lack of training or a gap in processes.

For a full legal breakdown of this story please see volokh.com

As always, opinions are welcomed …..