A few days ago I took note of State v. Levie, in which Levie was convicted of solicitation of a child to engage in sexual conduct, which included taking nude photos (Mere Presence of Encryption on PC Relevant to Criminal Acts). Levie had appealed the case in part based on the district judge allowing evidence that a common cryptography program was on Levie's computer.
Prof. Orin Kerr takes issue with the characterization of the case as holding that the presence of a cryptography program is relevant evidence of a crime (Myth of Crypto as a Crime).
Obviously, the idea that using encryption necessarily reflects criminal activity is rather silly; Internet users use encryption all the time for all sorts of legitimate reasons. As many critics of the new decision have noted, it makes no sense to see encryption as inherently linked to crime. But contrary to the blogospheric common wisdom, no court ever said it was. [emphasis in original]
Kerr argues, instead, that the court was using the presence of the cryptography program as evidence that Levie was a sophisticated computer user, which would explain why the police found no child pornography or nude child photos on his computer.
Although the opinion is not clear on this, it's not hard to imagine why the contents of the computer were relevant. The girl had testified that the defendant had put nude pictures of her on his computer, but no pictures were recovered. The defense presumably argued that the lack of pictures showed the niece was lying. The government pointed to the Internet search terms as corroboration, and argued that the lack of photos on the defendant's computer only reflected the fact that he was savvy enough to get rid of the images, hide them, or encrypt them because he knew the police were coming. The evidence of the defendant's careful effort to hide the files and evade law enforcement was the downloaded text of the state statute and the copy of PGP. Not slam-dunk evidence, obviously, but not entirely irrelevant.
That is certainly the argument I would make about the interpretation of this case should the issue rise again, but I'm not sure that is really what is going on. As Kerr notes, "the opinion is not clear on this".
Were there encrypted files on the computer or not? The district judge says, "evidence tends to show that an encrypting capability was employed by the Defendant", but there is no mention of what the evidence might be, other than the presence of PGP on the computer. Were there encrypted files? Were there erased files? Were those erased files encrypted? Any evidence of that nature would end the legal discussion pretty darn quickly. Since it isn't mentioned, we can presume that there wasn't. If you don't have any evidence of actual encryption going on and either erasure or transfer of the encrypted files, it is hard to see how mere presence of a program that "may be included on every Macintosh computer that comes out today" according to the State's own witness is relevant here.
If the presence of PGP simply shows that one is a sophisticated computer user, why mention only PGP? Wouldn't there be other evidence of sophistication? Again, the state's own witness testified that PGP "may be included on every Macintosh computer that comes out today," which wouldn't prove one wit about the user's sophistication, unless one presumes that Macintosh users are, by definition, sophisticated. One wonders how sophisticated this guy was, since he didn't completely wipe his browser.
As for hiding files, PGP is no evidence of that either. PGP encrypts files, it doesn't hide them. If Levie had a "military-grade" disk-erasing program, that would be clearly relevant, but there's nothing like that in the record.
Even if the evidence of PGP was excluded, it doesn't mean Levie goes free. The error wasn't prejudicial, and there was plenty of other evidence to hang a conviction on.
Ernest Miller pursues research and writing on cyberlaw, intellectual property, and First Amendment issues. Mr. Miller attended the U.S. Naval Academy before attending Yale Law School, where he was president and co-founder of the Law and Technology Society, and founded the technology law and policy news site LawMeme. He is a fellow of the Information Society Project at Yale Law School.
Ernest Miller's blog postings can also be found @
1. Greg Parker on May 27, 2005 01:15 PM writes...
Note that Mac OS X also includes a military-grade disk eraser, assuming the DoD 5220.22-M seven-pass algorithm or Gutmann 35-pass algorithm count as "military-grade". In Mac OS X Tiger, "Secure Empty Trash" is right there in the Finder, which eliminates most of the sophistication argument.
Permalink to Comment2. Seth Finkelstein on May 27, 2005 06:33 PM writes...
I had similar thoughts as Kerr, but decided it wasn't worth bucking the conventional outrage-dom.
Look, this is TWO OR THREE LEVELS removed from the original judgement call - first there was the raw argument, then whatever the trial judge decided, now the appeals court review. Of course the details will now be unclear.
Nobody without maybe a trial transcript can provide the actual answer. Because that's the level the evidence decision was made.
Permalink to Comment3. Ernest Miller on May 27, 2005 07:00 PM writes...
Well, that presumes that the appellate judges are idjits. The appellate judges have access to the full court record, as necessary. If there was evidence in the record to show a clear and relevant link, they would have used it, unless for some reason, they're not doing their jobs.
Permalink to Comment4. Seth Finkelstein on May 27, 2005 07:22 PM writes...
But they did make reference to the trial, as you note:
"After closing arguments and an adjournment, the court explained its findings orally, noting that: ... the "evidence tends to show that an encrypting capability was employed by the Defendant;"" They didn't *re-cite* that evidence - but they wouldn't.
They basically said "The trial court made a judgement call. We don't find it a clearly abusive call.".
The blog-outrage is basically saying: It's not enough to decide it wasn't a clearly abusive call. It should be painstakingly and thoroughly explained why it was the correct call.
But they aren't going to do that. Hence it would be a huge amount of work to even attempt to provide the level of detail which would even begin to satisfy the blog-outrage.
Permalink to Comment5. Ernest Miller on May 27, 2005 07:29 PM writes...
It's an appeals court, the case is up on appeal because the defendant didn't think he got a fair shake on a handful of potential bits of evidence. How hard would it be to go to the original investigative report and note that there were a number of encrypted files that were deleted, or something similar? If they're going to be so cavalier about it, why bother having anything more than an order? Why write a decision. This isn't about satisfying blogger outrage, this is about some very rudimentary evidence issues. It wouldn't have taken much to show that the presence of PGP was relevant. This wasn't a side issue, either, it was specifically part of the appeal.
Permalink to Comment6. Seth Finkelstein on May 27, 2005 07:56 PM writes...
"If they're going to be so cavalier about it, why bother having anything more than an order? Why write a decision"
But this was a very minor part of the case - it's just getting big play because someone with a big megaphone hyped it up to outrage the Net audience.
As you know, I'm not lawyer - but my understanding about the system is that at the appeals level, they basically won't review evidence, they review decisions about evidence. So if the appeal is about whether the evidence was relevant, and the evidence is a small part of the case, they won't ordinarily go back and give a long explanation about the evidence. They just note the reasoning (as they did), make a call, and move on. From their perspective, this is not a big deal. It wouldn't change anything, it's not legally complicated, it's a clear call.
Would they have written it differently if they had known that a yellow-"journalist" would be making an issue? Probably. But in context, have they done anything less than a typical amount for this judicial level and evidence circumstances?
Permalink to Comment