Posted by: Ken Harthun
Email security, Encryption, Opinion, Security, SSL
“A 15-year-old Californian caught with a stolen scooter while high on drugs has been banned from using encryption – despite the lack of any computer crime element to his alleged offences. In fact, there was actually no computer involved in the commission of the crime at all.” So begins this article in The Register.
What idiocy–or paranoia–is this? It never ceases to amaze me that otherwise educated people, like lawyers and judges, can be so stupid when it comes to technology. Encryption has nothing to do with the theft of a piece of physical property by any stretch of the imagination. Sure, if the kid was stealing money out of bank accounts or hacking debit card machines or something like that, it would make sense. But this crime had nothing to do with computers and banning him from using encryption isn’t going to prevent him from committing a similar crime in the future.
At first, the kid was completely banned from using a computer except for doing schoolwork. That meant no social networking, Facebook, etc. Here’s an excerpt from the ruling:
[J.J.] shall not use a computer that contains any encryption, hacking, cracking, scanning, keystroke monitoring, security testing, steganography, Trojan or virus software.
[J.J.] is prohibited from participating in chat rooms, using instant messaging such as ICQ, MySpace, Facebook, or other similar communication programs.
[J.J.] shall not have a MySpace page, a Facebook page, or any other similar page and shall delete any existing page. [J.J.] shall not use MySpace, Facebook, or any similar program.
[J.J.] is not to use a computer for any purpose other than school related assignments. [J.J.] is to be supervised when using a computer in the common area of [his] residence or in a school setting.
What? Did the judge think that he was going to contact his scooter chop shop crime syndicate co-conspirators? Fortunately, some reason prevailed and an appellate judge lifted most of these restrictions as being in violation of First Amendment rights:
Through the use of chat rooms, any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox. Through the use of Web pages, mail exploders, and newsgroups, the same individual can become a pamphleteer. . . . Two hundred years after the framers ratified the Constitution, the Net has taught us what the First Amendment means.
Score a point for that judge. However, the restriction not to use “encryption, hacking, cracking, scanning, keystroke monitoring, security testing, steganography, Trojan or virus software” wasn’t completely lifted and was only modified to prohibit him from “knowingly” using a computer with these things.
That someone can be so completely clueless about technology as to rob someone of their ability to use their Gmail account (it uses SSL) or to even log into Yahoo! mail or Hotmail (both use SSL during login) is disturbing. The appellate judge, regardless of the position he took above, still doesn’t have a clue as to what the First Amendment really means: He has completely taken away J.J.’s ability to communicate via those particular webmail accounts. Moreover, he has forced J.J. to be totally insecure with any login to any account he may have on any server that requires SSL.
That’s not acceptable.