Thursday, February 14, 2008

Prosecutorial palavers about dildos, unhackable passwords, bogus forensics and copper theft

I hadn't visited the Texas prosecutors association message board in a while, and doing so today found several interesting goodies there:

One less felony on the books: Texas ban on sex toys struck down
I've mentioned before that Texas had 2,324 separate felonies on the books, but as of yesterday the new number is 2,323. Via this post, we learn that the 5th Circuit struck down Texas' statute criminalizing the sale of sex toys. See the 5th Circuit opinion, which relies primarily on the 14th Amendment as explicated in two landmark cases - Griswold v. Connecticut and Lawrence v. Texas - to determine that the state could not prohibit the toys' sale. From a distance this looks like quite a shift for the 5th Circuit, which at times has seemed barely aware of either the 14th Amendment or this line of cases. The Denton ADA who posted the item hoped wistfully the case might be appealed to the US Supreme Court, but more likely than not this decision will stand and simply erase Texas' prudish and outdated law.

Unhackable Passwords
I found this thread quite interesting on the limits of police ability to hack into hard drives using the PGP ("Pretty Good Privacy) encryption system.

Bogus Forensics
Yet another interesting thread focused on allegedly "bogus forensics," where one prosecutor declared ""the chances of being wrongly punished because of a false positive or bogus test are smaller today then they've ever been." Another commenter disagreed, though, declaring:
I'm not so certain this is true, because today there are so many tests (with attendant experts) out there - many of them with no real scientific grounding. What's worse, even if the theory underlying the science is valid, the actual practice is often undertaken by people/organizations with less than stellar competence. Example 1: The Houston crime lab fiasco. On CSI you see all these hyper-smart highly motivated experts working with 'state of the art' technology in an aesthetically pleasing laboratory....reality is often an under-achieving lab tech with a 'safe' government job in a crowded, dirty, underfunded, basement lab who knows there is little chance of being caught 'drylabbing.'
See the rest of sjf's comments for an interesting discussion of the downsides of science in the courtroom.

It may be a felony but you still have to catch them
This TDCAA discussion string focused on copper theft, which the Texas Legislature just made a state jail felony last year, even for stealing small amounts. The discussion tells me that the main problem isn't how harshly copper thieves are punished, but how to catch them? This seems to me another case where the Lege increased penalties to look like they're doing something, but the real problem goes unresolved because what's really needed is better front-end enforcement. The strategy described in Houston seems more likely to yield results:
Undercover police officers would go to scrap metal dealers posing as employees of an air conditioning company. They told the operators of several scrap metal places that they wanted to sell the coils from air conditioning units. But, they would ask if the dealer ever did business with the company that hey "purportedly" worked for. They didn't want someone from their company or thier boss to show up while they were trying to sell the coils. They made it clear that they were stealing the coils from their employer and wanted cash for the copper in the coils. All of this was recorded. They wouldn''t arrest anyone at that time but just sell them the coils. After they visited several places on more than one occassion each selling "stolen" coils to them the officers then met with me and I dreafted search warrants of each location for documentation of the purchase of the items. Texas law requires that they document the purchases. In every purchase, the owners of the scrpa metal dealership would fill out a receipt, as required by Texas law, but they put in phony names and dates, which we could substantiate from the taped recordings of the purchase.
See other discussion threads from Texas prosecutors - they always make for interesting reading.


Anonymous said...

The post on encryption is very interesting because of an aspect that no one there has actually brought up(although one user got pretty close). They brought up an auto-destruct sequence, but what they didn't bring up was the concept of duress keys.

Duress keys are valid passwords that work in the situation where the user is under duress to provide the password but doesn't want to actually expose the data hidden behind. When they provide a duress key, some portion of the data is exposed, as though the key was used successfully and the data unlocked. However, data the user has chosen to keep hidden is still hidden. To get to that, you need to know the real password. A user can actually have many duress keys.

Self-destruct systems are interesting, but also pointless unless the encryption is on the hardware level, because proper data forensics are done using the drive, having been connected through a read-only mask that prevents any write operations from going to the disc(to avoid having software on the test machine alter the drive in any way from when it was taken from the suspect).

If you're trying to crack into an encrypted drive, though, usually you stop cracking once you find something successful. With duress keys, you've just introduced false positives into the mix. When do you stop cracking?

Remember, even with their boasts of federal password cracking operations, the number of keys that have to be checked to exhaust the problem space is impossibly large. The number of possible 128-bit encryption keys is 2^128, or, in expanded decimal form(with a line break to keep it visible), 340,282,366,920,938,463,463,374,607,
431,768,211,456 keys. If you could check 10^18 keys every second, which is a billion billion keys every second, it would take 10^13 years to exhaust the problem space. The estimated current age of the universe is (1.3 * 10^10) years, to give you an idea of the timescale we're talking about.

Without duress keys, you could conceivably get lucky and stumble across the key in a decent span of time. If you don't know what you're looking for, then you don't know the difference between the real key and a duress key, and so you would have to keep it running in order to exhaust all possibilities. After all, it might be a good idea for someone with really dark secrets to hide to create some duress keys which show different levels of data. Maybe some keys just show business documents. Maybe another layer reveals some mp3s and disturbing but legal pornography. Someone may think "Oh, this is what they were hiding", when of course the real dirt is still hidden, and the real key still unknown.

Probably the best way for the prosecution to try to find the password is via a physical search. 128-bit keys are not simple creatures, and few people can remember these keys. Those who are not strongly into cryptography are either using some sort of passphrase run through a key generator, or a randomly created key that's been written down. The former can be guessed easier, as you just have to know what the algorithm for generating the keys is, and the latter is something you might find by searching the suspect's safe. But a real serious user of encryption? He's memorized that sucker, or is storing it in a highly secure unknown location, and the key you found written down in his safe was a duress key.

Anonymous said...

It may be a felony but you still have to catch them

This sounds like a bum steer

Gritsforbreakfast said...

Rage if it were a Bum Steer Award it would go to House Criminal Jurisprudence Chairman Aaron Peña, who authored the bill and passed this and many other penalty increases, including a slew of new felony enhancements, out of his committee. Somehow Texas Monthly missed this one, though.

Ron in Houston said...

I'm shocked and dismayed at those Denton county DA's.

Yeah, lets throw some more taxpayer money down the tube supporting some law that shouldn't have been on the books to begin with.

Those people with power scare me. They need to have power stripped from them.

Anonymous said...

Rosenthal resigns, citing impaired judgment due to prescription drugs.

(No mention if it was a Viagra prescription)

Anonymous said...

The only reason I look at your website is to remind myself that without people like me you would have nothing to gripe about. Maybe Johnny Paul Penry should have murdered and raped your daughter, sister, or wife. I bet then you would look at things a lot differently then

Gritsforbreakfast said...

And what does this post or anything I've written have to do with John Paul Penry, 11:13?

Nice, honorable person you are wishing he'd raped and murdered my wife. You're just the kind of person I want protecting us from crime. Good thing for everyone you're on the job. Glad I could help expand your sense of self satisfaction and superiority.

Anonymous said...

Remember when you read quotes from the prosecutor's boards that the people posting aren't always prosecutors. Their boards are open to anyone to register and post (unlike the defense attorneys, who like to keep all their forums secret from non-defense lawyers). So you sometimes get posts from people who hold beliefs that you'd be shocked to fins a prosecutor holding, but there's a good reason for that--they aren't all prosecutors.