
"I won't believe this ruling is safe until it goes thru higher levels."

Yes - right now, there are people being held indefinitely for not decrypting hard drives in the US [1]. The law used is: "All Writs Act (28 U.S.C. § 1651)". As one judge said, "We don't want your password - we just want the hard drives in unencrypted state."

https://www.bleepingcomputer.com/news/legal/man-who-refused-...



I fear I'll be barbecued for asking, but I must: What's the alternative? I am a privacy advocate and understand that the law can (and likely will) abuse a forced decryption law.

However, the story you linked is about a _police officer_ who was suspected of child pornography. His sister reported him to the police and 'content stored on the encrypted hard drive matched file hashes for known child pornography content'.

How can you look in the mirror and think he should go free without the evidence being examined? I couldn't live in a world where a suspect could say "Well, I forgot the password" and walk away scot-free on such an ugly crime.


> How can you look in the mirror and think he should go free without the evidence being examined? I couldn't live in a world where a suspect could say "Well, I forgot the password" and walk away scot-free on such an ugly crime.

This is the price we pay for an imperfect world, I'd rather a few murderers walk than many innocent men be imprisoned. Your balanced, nuanced idealism simply doesn't work at scale, you cannot assume that every judge, jury, and LEO will be good, so you've got to give the criminals rights even if you're pretty sure they're criminals.

As a judge or LEO I'd have a much harder time looking in the mirror knowing I stole an innocent man's life than knowing that I might not have stopped every criminal.


How does not being able to force someone to decrypt their hard drive overlap with innocent men being imprisoned?


It's potentially happening right now.

While circumstantial evidence would suggest the cop who is being asked to decrypt his computer is in fact guilty of at the very least looking at child porn, we don't know concretely, yet he is being jailed until the judge decides that he really won't release the password. Imagine a less scrupulous judge and a more innocent man, maybe he's trying to protect the identity of a source, suddenly it doesn't seem fair that the man should be jailed, yet in a world where we can compel you to release the password both cases are the same.


LEO?


Law Enforcement Officer


>His sister reported him to the police and 'content stored on the encrypted hard drive matched file hashes for known child pornography content'.

If that's evidence enough to hold him in jail indefinitely then it's evidence enough to convict him. So convict him using it. There's no need to force him to self-incriminate.

If it's not evidence enough then the alternative to this is do good police work that doesn't require holding suspects in jail indefinitely until they incriminate themselves.

>I couldn't live in a world where a suspect could say "Well, I forgot the password" and walk away scot-free on such an ugly crime.

What if it was a slightly different scenario? What if instead of encrypting the child porn he deleted it right before the police came in? Would it be ok if he was held in jail indefinitely until he confessed? What if we just hold all suspects in jail indefinitely until they confess?


The biggest "what if" is, what if he actually did forget the password? I have an encrypted backup of an old computer that I actually have forgotten the password for. The only reason I keep it is because I think there's a small amount of LTC on there. I wonder if I should delete it in case police ever get their hands on my drive.


The alternative is real privacy.

> However, the story you linked...

Freedom only works when it also protects things you don't like. Because of that, the specifics of any one case are totally, completely irrelevant.

> I am a privacy advocate and understand that the law can...abuse a forced decryption law.

There is no sentence after that that justifies having a forced decryption law unless "I am a privacy advocate" is a lie, I'm sorry. You don't have to be a privacy advocate, that's fine, but don't wear that mantle if you're not willing to actually advocate for privacy. The entire point is that it doesn't matter what is being kept private.

Upvoted because while I disagree with your thought process it seems like a good-faith question.


> 'content stored on the encrypted hard drive matched file hashes for known child pornography content'

Sounds like BS to me, how can they match hash of encrypted content without the key?


That's because it is BS and this is not how cryptography works. Either the drive was decrypted and they have the file hashes, or the drive was encrypted and they don't. Or they caught the transfers on the wire, but this is much less likely, and impossible to determine if they were recorded on the HDD, because it's encrypted.


This. It's encrypted data. You can't even see where the files are.

I can only surmise that this means that they scanned the content of the hard drives and found data sequences that matched some file hashes of known child pornography.


If that's the case, why do they even need the drive to be decrypted? All they'd have to prove is that the drive was not owned by anyone other than the accused and could then say that there was CP saved onto this drive by the guy.

If they matched the hashes to data on the drive, the files are already on there unencrypted. Could be some space left by a now-deleted unencrypted partition, or maybe some leftover data in a temporary location where the data is saved before being encrypted.

Together with the witness testimony, that seems pretty compelling.
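Added example, not part of the thread: a sector-hash scan over a constructed raw image, showing that hashes of a known file match only where its plaintext sectors survive outside the encrypted region, never inside it. `toy_encrypt` is a labelled stand-in for a real disk cipher, and all names and sample data here are constructed for illustration.

```python
import hashlib

SECTOR = 512  # bytes per sector in this constructed image

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    # Stand-in for a disk cipher (assumption: real FDE uses e.g. AES-XTS).
    # XORs the data with a SHA-256 counter keystream; illustration only.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def sector_hashes(blob: bytes) -> list:
    # SHA-256 of every full sector, in on-disk order.
    return [hashlib.sha256(blob[i:i + SECTOR]).hexdigest()
            for i in range(0, len(blob) - SECTOR + 1, SECTOR)]

def scan(image: bytes, known: set) -> list:
    # Sector numbers in the raw image whose hash is in the known set.
    return [n for n, h in enumerate(sector_hashes(image)) if h in known]

def build_image() -> tuple:
    # Constructed sample data: a 4-sector "known file" with distinct sectors.
    known_file = b"".join(hashlib.sha256(b"known-%d" % i).digest() * 16
                          for i in range(4))
    filler = b"other user data ".ljust(32, b".") * 64    # 4 sectors
    # Sectors 0-7: encrypted volume that contains the known file.
    encrypted = toy_encrypt(known_file + filler, b"constructed-key")
    gap = bytes(2 * SECTOR)                               # sectors 8-9, zeroed
    # Sectors 10-12: plaintext leftover (e.g. from a deleted partition),
    # missing the file's first sector.
    remnant = known_file[SECTOR:]
    return encrypted + gap + remnant + bytes(SECTOR), known_file

if __name__ == "__main__":
    image, known_file = build_image()
    known = set(sector_hashes(known_file))
    print("matching sectors:", scan(image, known))
```

The whole-file hash of the known file would not match anything here, because the remnant is incomplete; only per-sector hashing finds the leftover.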


I don't even think they'd need to prove that. It's there and it's in his possession, isn't that alone a crime?


> how can they match hash of encrypted content without the key?

Right!? This sounds like, "We know you have it and we can see it, we just want the password to prove it was _you_ who did it."

Also, whilst I'm here, it does strike me as very odd that the justice system in the United States has such a raging evangelicalism about getting to the truth, that it will impose against a person's rights, just to get at that truth.

To refer to the old Eddie Izzard joke:

"If you commit perjury, I don't care. Don't give a shit. I don't think you should because you grade murder. You have Murder One and Murder Two. You realize that there can be a difference in the level of murder.

So there must be a difference in the level of perjury. Perjury One is when you're saying there's no Holocaust when, you know, 10 million people have died in it, and Perjury Nine, is when you said you shagged someone and you didn't."

The whole precept of the truth being this infallible end-goal, which must be attained - no matter what, is just as abusively dehumanising as the phrase, "Well, if they weren't doing anything wrong..."

Sorry, wrong meeting... I'll see myself out.


The same way when a person denies they committed an offense, build a case.


If he is so obviously guilty, then why not judge him with the current evidence?

Also, "content stored on the encrypted hard drive matched file hashes for known child pornography content" - this sounds like BS (but do feel free to correct me please), I am not aware of any full-disk-encryption software that stores the unencrypted hash of whole unencrypted files.


That's the cost of liberty.



