
Francis Rawls, a former Philadelphia cop, will remain in jail for refusing to decrypt a hard drive federal investigators found in his home two years ago during a child abuse investigation.
A judge ordered the man to prison almost two years ago after the suspect claimed he forgot the password of an encrypted Apple FileVault system investigators found attached to his computer while performing a house search.
Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content [source, page 5]. In addition, the man's sister told investigators that her brother had showed her numerous photos and videos of child abuse and adult material.
Rawls sent to prison in 2015
Authorities tried to make Rawls hand over the hard drive's password to verify claims, but he refused to comply. A federal judge found the man in contempt of court and sentenced him to an indefinite prison sentence until he was willing to cooperate.
Rawls said later he forgot the password and even entered three incorrect passwords during previous meetings with investigators.
The suspect appealed the indefinite prison sentence twice, but both appeals failed. His lawyers tried to argue that holding him breaches his Fifth Amendment right to not incriminate himself, but appeal judges did not see it that way.
Judges pointed out that the Fifth Amendment only applies to witnesses and that the prosecutors didn't call him as a witness but only made a request for him to unlock his device, hence Fifth Amendment protections did not apply.
Rawls files appeal with the Supreme Court
Rawls' team has now filed an appeal with the US Supreme Court on the same grounds. His team also filed a request to have Rawls released during his Supreme Court appeal as he's been held in court for more than 18 months, the standard punishment for contempt of court.
A judge declined the request saying that Rawls was not charged under a standard law (28 USC § 1826), but under All Writs Act (28 U.S.C. § 1651), hence he can be detained indefinitely.
This ancient piece of legislation dictates that US citizens must aide any law enforcement investigation. The prosecution used this legal trickery to avoid calling Rawls as a witness. This is also the same piece of legislation the FBI used against Apple when it tried to force the company to unlock the phone of the San Bernardino mass-shooter.
The government also said that Rawls doesn't have to provide them with his password anymore, as they only need him to perform the act of unlocking the hard drive.
Bleeping Computer users have pointed out that you cannot match file hashes to encrypted content. The article was updated with a link to court documents from where the prosecution's statement was cited.
Comments
anonymouse214 - 4 years ago
What happened to NASA's expert hacker?
Allen - 4 years ago
They're in space.
JohnC_21 - 4 years ago
This proves some encryption schemes cannot be cracked. I wonder if there was a legal issue where the NSA could not attempt to decrypt the drive.
Narq - 4 years ago
Well, it only "proves" THEY can't break the encryption.
Drenathor - 4 years ago
Personally I have no issues with this outcome for 2 reasons. First is that there was eye witness testimony which was backed up by forensic evidence. Additionally there was found to be inappropriate photos and videos of his own 6 year old niece as well on his phone. It would appear that he is absolutely guilty of the crimes he is charged as having committed and sentencing him indefinitely under the writs act actually is justified.
Secondly I fail to see how the 5th amendment applies to this case (Or in fact how it's interpreted by anyone these days). The 5th amendment states: "No person shall be [...] compelled in any criminal case to be a witness against himself [...] without due process of law". This means that WITH due process of law a person CAN be compelled to be a witness against himself. Just like how with due process of law a person can be deprived of live or property. To rip that one phrase out of context and not finish the sentence seems to me to be a poor method of interpreting law and a slap in the face to law enforcement.
FastCode - 4 years ago
Why do they even need more proof if hashes match? Is the judge a retard or something?
riot - 4 years ago
"Why do they even need more proof if hashes match? Is the judge a retard or something?"
simple, 2 files can produce the same hash, there is only a limited number of characters produced in a hash, and it is entirely possible to get completely different files with the same hash, a hash is not a 100% guaranteed way to identify files, therefore they don't use it in court cases as solid evidence. I've heard hashes compared to birthdays, or the birthday paradox as it is also known, basically it is the same idea, there are only so many days in a year, so it is completely impossible for everyone in the world to have a different birthday. Used in the same sense, there is no way to completely identify someone who is unknown to you, just by using their birthday.
Sure you can pretty much guarantee that is what is on the drive, its a VERY low chance it isn't, but since the chance still remains.
Its like someone trying to steal something in a store, they can put an item in their pocket, you know damn well they are going to steal it, but they can't be charged for theft until they walk outside with the item without paying for it, its just the way our court systems have become, and I personally think it is due to 2 reasons, first the number of falsely convicted people that have later been proven innocent, and 2nd because of this sue happy world we live in, where you can be sued over the craziest things and lose, like a thief who break a limb while trying to leave your residence after breaking in and stealing from you. Nothing we can do about it, he is sitting in jail at least
NickAu - 4 years ago
If he was innocent he would have unlocked the drive way back when, It is easier to be in prison for contempt of court than as a convicted sex offender.
One way or another a monster is off the streets.
Narq - 4 years ago
But the point here is not if this particular person is guilty or innocent, it's about rights and the US Constitution. Sure, he's likely guilty and he's where he belongs, but what if we fell under an oppressive government and had already relinquished our rights to privacy and to not incriminate ourselves? What if religion were outlawed and you had a Bible or Quran locked up in your safe? What if you had stored documents on your computer that expressed anti-government sentiments or your belief in a god?
The issue is much larger than one individual. Recall the Blackstone Ratio: "Better that ten guilty persons escape, than that one innocent suffer.”
Angoid - 4 years ago
Am I missing something here? The hashes match those for " known child pornography content" but the drive is encrypted. If the drive is encrypted, then the hashes computed would be for the encrypted data, not the unencrypted data, and thus not be the same.
Either that, or the hashes were computed before the data was hashed.
What I'm trying to say is that if the content has been encrypted then the key would determine the actual data that came out, the ciphertext. This would then have been hashed, and produced different hashes.
So if I have file A and hash it, then the hash would be hash(A)
If I encrypt file A using key K1, then the hash would be hash(encrypt(A, K1))
If I encrypt file A using key K2, then the hash would be hash(encrypt(A, K2))
The three hashes would be different.
So how can the hash match known hashes?
OK, just seen this comment in small italics at the bottom of the article: "Bleeping Computer users have pointed out that you cannot match file hashes to encrypted content. The article was updated with a link to court documents from where the prosecution's statement was cited."
So ignore me :)
NickAu - 4 years ago
Quote
" The hashes match those for " known child pornography content" but the drive is encrypted."
The 2 files in question did not actually contain child porn, they were honey pots and law enforcement knew the hashes and the contents of the files, and they were downloaded to his laptop before being transfered to the drive in question and encrypted, they found the hashes on the laptop but not the files.
The laptop he used to download the files was not encrypted.
Occasional - 4 years ago
The comments posted here are helpful in that they show that the particulars (including technical details), matter. Judges, juries, legislators and policy makers will have to deal with increasingly technical details - as well as with uncharted territory, as the scale and scope of cyber activity accelerates.
Still, the reliability of those principles and doctrines that form the backbone of our judicial system remain as important and as effective as ever.
If I read correctly the article and the comments (especially NickAu's), the state should have all they need for a conviction, without the decryption of the hard drive. It is probable that the state wants the decryption, not for further evidence in this case, but as it might lead to cases against other individuals, or as a means to find and help victims.
Then the question is: what means of coercion are acceptable? The usual recourse is a plea bargain: lesser charge in exchange for full cooperation.
NickAu - 4 years ago
"If I read correctly the article and the comments (especially NickAu's), the state should have all they need for a conviction,"
Maybe maybe not, They know he downloaded the files that in itself may not be a crime, he could argue that it was an accident or mistake and the files were deleted, as its only 2 files the benefit of doubt is on his side.
Decrypting the drive on the other hand could reveal thousands of child exploitation images and videos that could see him doing life in prison instead of a year or 2.