Ari David Levie, who was convicted of taking illegal photographs of a
nude 9-year-old girl, argued on appeal that the PGP encryption utility
on his computer was irrelevant and should not have been admitted as
evidence during his trial. PGP stands for Pretty Good Privacy and is
sold by PGP Inc. of Palo Alto, Calif.
But the Minnesota appeals
court ruled 3-0 that the trial judge was correct to let that
information be used when handing down a guilty verdict.
"We find that evidence of appellant's Internet use and the existence
of an encryption program on his computer was at least somewhat relevant
to the state's case against him," Judge R.A. Randall wrote in an opinion dated May 3.
The court didn't say that police had unearthed any encrypted files or
how it would view the use of standard software like OS X's FileVault.
Rather, Levie's conviction was based on the in-person testimony of the
girl who said she was paid to pose nude, coupled with the history of
searches for "Lolitas" in Levie's Web browser.
I don't have any sympathy for the defendent, who
appears to have been rightfully charged and convicted through real
evidence. But I am concerned by the claim that the presence of
PGP software was relevant to this case. The prosecution
apparantly did not allege that PGP was actually used to hide evidence,
just that it was present. It's easy for encryption software to be
present, and used for entirely legitimate purposes. Mere presence
does not imply criminal activity.
If there's any doubt about this, consider the case of a web
browser. All modern PC-based web browsers support
encryption. Is that evidence of criminal activity? Many
modern email clients support encryption. What about that?
The fact is, encryption technology is just software. It can hide
evidence, but it can also hide things that are perfectly
legitimate. The 5th Amendment tells us we aren't obligated to
self-incriminate -- and that means that we shouldn't have to hand over
encryption keys upon a police demand. (I make no promises that a
court would agree, of course). What encryption software can't do
is actually hurt anyone
. It doesn't commit crimes. It's just information about information.
If the mere presence of encryption software is allowed to create a
presumption of guilt, or even be included in a trial as "evidence" of
criminal intent, then everyone who uses a computer "has criminal
Even in this case, we don't need silly gyrations around encryption software to catch, charge, and convict.