Author Archives: Michael Froomkin

Dolphins Win a Game

Posted on December 16, 2007 by Michael Froomkin

Dolpnhins win a game. Will wonders never cease…..

Posted in Miami | Comments Off on Dolphins Win a Game

UK Prepares to Enforce Crypto Export Control Against Academics

Posted on December 16, 2007 by Michael Froomkin

Commonly, the UK is the place where US anti-crypto policies get a dry run.

So pay attention to Ross Anderson's UK Crypto Export Duplicity:

Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics – for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond – and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, “Look, dear boy, you can never get laws to fit the boundaries exactly – just trust us and keep proper records.” Officials said that they had no plans whatsoever to use export control laws against academics.

Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they'd realised that academics weren't using the export control procedures and asked our opinion about how we could help them `raise awareness' and `market' their services. I reminded them that they'd promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they'd previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this arguement. They denied this to my face – even though I'd sat through the debate in the Lords, in the opposition experts' box.

Posted in Cryptography | Comments Off on UK Prepares to Enforce Crypto Export Control Against Academics

Geeky Humor: Upgrading Vista to XP

Posted on December 15, 2007 by Michael Froomkin

via Slashdot, this is really funny: Review: Windows XP:

Microsoft have really outdone themselves in delivering a brand new operating system that really excels in all the areas where Vista was sub-optimal. From my testing, discussions with friends and colleagues, and a review of the material out there on the web there seems to be no doubt whatsoever that that upgrade to XP is well worth the money. Microsoft can really pat themselves on the back for a job well done, delivering an operating system which is much faster and far more reliable than its predecessor. Anyone who thinks there are problems in the Microsoft Windows team need only point to this fantastic release and scoff loudly.

Posted in Software | 1 Comment

Passphrases and the Fifth Amendment

Posted on December 15, 2007 by Michael Froomkin

Declan has the scoop, Judge: Man can't be forced to divulge encryption passphrase:

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”

Full text of the decision in In Re Boucher, 2007 WL 4246473 (D. Vermont, Nov. 29, 2009).

Long ago I wrote a lot about encryption keys, and touched on this issue. You can read the articles at The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995) and especially It Came From Planet Clipper, 1996 U. Chi. L. Forum 15.

The heart of the argument is that things in your head are not like objects in your possession: the core value of the Fifth Amendment is that you can’t be made to speak in ways that indicate your guilt. Giving up a passphrase to an encrypted message ties you to the encrypted information; if the info is, say, child porn, it creates a very strong inference that you knew what the data were and that you possessed them (there are exceptions, including email some else sent to you that is decryptable with you private key, but ignore those scenarios for now).

Other people, notably the redoubtable Orin Kerr, who argue that there is no Fifth Amendment issue here tend to focus on the analogy of possession of a physical key to a physical lock. The law is pretty clear that you can’t stop the cops from taking a physical key on the grounds that the stuff inside that safe will tend to incriminate you.

But the law is also clear that the Fifth Amendment protects you from having to make an oral or written disclosure which is “testimonial” – that, is, whose content might tend to tie you to crime. (Note that “content” means “informational content” – you can be forced to give a meaningless writing sample for handwriting comparison purposes.) This is why the cops are not able to force suspects to take them to the dead body.

It seems to me that the pure compelled disclosure case is not that hard, and that this Magistrate Judge got it right. Note, however, that this decision, emanating from the lowest-level official in the federal court system, is not precedential for other courts; and since it is pretty brief its persuasive power may not be all that great either.

Nor do I think that making a defendant decrypt something without divulging the key would in any way solve the problem, as it still ties the defendant to the content.

The hard case for me would be if the police provided limited “use immunity”: they would promise not to make the fact that your key decrypted the info any part of the prosecution. Thus, for example, the indictment would just say the information was on your hard drive, without mentioning that you had the only key to decrypt it. I think, given the current state of doctrine, that courts might well hold this to be consistent with the Fifth Amendment, making the underlying provision little more than a fairly cumbersome technicality. Doctrinally, that is not such a hard result to foresee, but it is not as simple to explain why this would apply to a coded message and not a dead body.

The flip side of the hard case is when the government provides use immunity and the suspect/defendant claims he doesn't know or has forgotten the passphrase. Then what?

In fact, I do have one ancient PGP key for which I seem to have forgotten the passphrase, so I know it can happen. But in most cases the police are likely to view this sort of memory malfunction as unduly convenient.

Posted in Cryptography, Law: Constitutional Law | 4 Comments

Huckabee!

Posted on December 14, 2007 by Michael Froomkin

Dear Republicans,

Oh, please nominate Huckabee, please. I'm sure this video is only the beginning.

Yrs &tc.

Update (12/15): Opinions differ.

Posted in Politics: US: 2008 Elections | Comments Off on Huckabee!

French Firms Like Foreign Law Degrees

Posted on December 14, 2007 by Michael Froomkin

This surprised me:

Top French Attorneys Need US or U.K. Legal Degree | ABA Journal – Law News Now To get a top job at a law firm in France, a law degree from a well-regarded American or British law school is virtually required.

That's because France has no law school viewed as first-rank, so BigLaw firms looking for French lawyers view the foreign law degree as a virtual necessity, reports Bloomberg. Traditionally, the law has not been treated equally with business, government and economics in France—all three of which, unlike the law, are represented among the “Grandes Ecoles,” French institutions of higher learning that offer prestigious professional degrees to a select group. Legal education is offered at public universities that are open to a much larger pool of students.

Hence, major law firms looking for attorneys in France prefer candidates with a business or economics degree from a Grande Ecole and an American or British law degree, says Renaud Bonnet, who serves as recruiting partner for the Jones Day office in Paris. “It's no longer enough to just do law school.”

Many in France also see a need for more elite legal education there, and are promoting changes in the current system. “The legal profession is ascendant,'' says Louis Vogel, the Yale University-trained president of France's oldest law school. But for French attorneys to compete successfully with American and British lawyers, he says, “It is absolutely necessary to have a Grande Ecole of law.”

It's true that as far as I can tell there isn't as much interesting legal academic writing going on in France as I'd expect. There's lots of interesting academic writing going on there, some of it is about law, but a surprisingly small amount of it is by law faculty.

Surprising, though, that the legal profession in a country with a reputation for a degree of intellectual insularity and for having a conservative legal establishment would be so open to foreign credentials. Perhaps those reputations are undeserved?

Posted in Law: Practice | Comments Off on French Firms Like Foreign Law Degrees