Schneier on Security
A blog covering security and security technology.
« Terrorists, Steganography, and False Alarms |
| Unmanned Planes Patrolling Borders »
August 15, 2005
Cryptographically-Secured Murder Confession
From the Associated Press:
Joseph Duncan III is a computer expert who bragged online, days before authorities believe he killed three people in Idaho, about a tell-all journal that would not be accessed for decades, authorities say.
Duncan, 42, a convicted sex offender, figured technology would catch up in 30 years, "and then the world will know who I really was, and what I really did, and what I really thought," he wrote May 13.
Police seized Duncan's computer equipment from his Fargo apartment last August, when they were looking for evidence in a Detroit Lakes, Minn., child molestation case.
At least one compact disc and a part of his hard drive were encrypted well enough that one of the region's top computer forensic specialists could not access it, The Forum reported Monday.
This is the kind of story that the government likes to use to illustrate the dangers of encryption. How can we allow people to use strong encryption, they ask, if it means not being able to convict monsters like Duncan?
But how is this different than Duncan speaking the confession when no one was able to hear? Or writing it down and hiding it where no one could ever find it? Or not saying anything at all? If the police can't convict him without this confession -- which we only have his word for as existing -- then maybe he's innocent?
Technologies have good and bad uses. Encryption, telephones, cars: they're all used by both honest citizens and by criminals. For almost all technologies, the good far outweighs the bad. Banning a technology because the bad guys use it, denying everyone else the beneficial uses of that technology, is almost always a bad security trade-off.
EDITED TO ADD: Looking at the details of the encryption, it's certainly possible that the authorities will break the diary. It probably depends on how random a key Duncan chose, although possibly on whether or not there's an implementation error in the cryptographic software. If I had more details, I could speculate further.
Posted on August 15, 2005 at 2:17 PM
• 56 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The forensics expert was quoted in the AP article as saying Duncan's encryption was "without a doubt the most challenging system I've looked at". Duncan's own blog suggests it was just PGP!
It all started during the key escrow debates: what do we do if an employee loses or destroys the key? Very few could be persuaded that this was not the fault of encryption, but of procedures that allowed the destruction of the last plaintext or recoverable copy of the data.
Just as you say, there's no difference between that and any other method of hiding the data, which he had no reason to do except to gall the authorities. Simply destroying, or never creating, any evidence would have been much safer than of making a copy available which he hoped would not be recoverable.
As it is, the smug feeling of untouchability that was enabled by the strong encryption could well lead to his conviction.
You know the other thing that comes to mind is that maybe he is just telling them this. This disk could just be a lot of garbage data, or heck maybe it is Bruce Schneier's blog downloaded and encrypted. For example how many people have turned themselves in for the son of sam slayings that didn't do it they just wanted to have it for the fame or what ever. This guy could be just bragging and saying that there is data on the disk so someone works on the project for years to come. Maybe he is just wanting it to try to be some legacy to leave behind or some barganing chip to hold. Who knows what the mind of a crimal is holding. Also how do they know it is an encryption it could be a hash and the original message long gone.
When I saw the title, my mind immediately mapped "cryptographically secured" to "cryptographically authenticated". Assuming that what's in the files is actually a confession, and that it provides enough information to secure a conviction as well, I wonder how easy it's going to be to get it accepted in evidence in a principled fashion -- the claimed presence of encrypted files on a disk, followed by months of FBI custody, followed by remarkable extraction of precisely the data required for conviction would be a tough sell in many non-pedophile cases.
I'm completely in accord with Bruce's second paragraph -- if crypto believed to be proof against law enforcement were not available, it's as likely as not that a criminal as apparently skilled as this one wouldn't put a confession on disk in the first place. And then the police would be in the same position they are now.
Computer Expert? That's specific.
It appears he used PGP, which in the terms of everyday use is pretty decent stuff, but I doubt it'll take them long to find enough trace evidence to either guess the encryption key, or just brute force it.
They might want to first try by using all of his other passwords, and failing that by analyzing the way he constructed passwords. Generally people follow their own set of rules when thinking one up.
If I could pick one to try first, it'd be the one he used when updating his sick blog.
I believe the encrypted data is actually not important here. He did admit to the encrypted data (as far as I can tell) is important to his conviction. He practically admitted to doing it and the proof is the encrypted data. I figure the court doesn't even have to decrypt for a conviction. They would have to decrypt it to prove the data is worthless and he was lying about the data.
Also, don't forget the following:
A: They can hold him in contempt of court until he discloses the key. So he can happily rot in jail forever in any case.
B: There is probably all sorts of juicy forensics on his computer, in the erased space on the drive etc.
@Paul - ``the claimed presence of encrypted files on a disk, followed by months of FBI custody, followed by remarkable extraction of precisely the data required for conviction would be a tough sell in many non-pedophile cases."
This is exactly what computer forensics experts do? I don't know a great deal about the field, but these guys basically make an image of the disk and work on that copy. The ceased disk is never written to during the investigation (if this is not the case every bit has to be accounted for).
@jammit: Explain the difference between baseless bragging and admission of guilt.
There've been cases that sounded like a guy bragging, claiming he did things, to boost his reputation in jail -- and that being taken as a jailhouse confession.
I really doubt he would be bragging just to increase his jail reputation, if he's really a pedophile. Those are the sort of people that the rest of the criminals look down on. A reputation as a pedophile could do you much more harm than good in prison. (From what I recall--I don't really know firsthand).
Another possibility occurs to me. What if the authorities can't break the secured document, but claim they did anyway, and concoct an entire elaborate confession on his behalf, and pass it off as real? OK, maybe that's far-fetched, but not impossible.
Nicholas Weaver: As a general rule he can't be compelled to be reveal the key. "No person ... shall be compelled in any criminal case to be a witness against himself...." (Fifth Amendment, US Bill of Rights.) If giving the key to a pile of evidence against yourself isn't witnessing against yourself, I don't know what is.
If my (very cursory) understanding of the legal system is correct, the unencrypted documents would be submitted as exhibits and be available to the defense before the trial. The defendant would alert his council that the evidence is fabricated, and unless the prosecution could provide a very convincing demonstration in the face of the defense's expert witnesses, or something like that, the evidence would be ruled inadmissable. Laywers feel free to correct me.
Alan: I doubt it would be held as 5th ammendment violation, although I don't know of a precident one way or another.
It would be like a search warrant: You can't NOT let the cops in when they have a warrant, and they can throw you in jail if you do.
tempest in a teapot. as one poster noted, it could well be gibberish. he was found in a denny's with the little girl he'd been molesting for weeks, sole survivor of her family, who is according to reports sufficiently articulate to nail him. he isn't getting off. i don't give a f*** what's on that drive and i won't give him the satisfaction of showing concern about it. if commercial strong encryption is banned, i'll just buy mr. schneier's "applied cryptography" and roll my own strong encryption when i need it.
Some readers may remember a jailhouse interview with Curtis Dean Anderson, the molester who was convicted of killing Xiana Fairchild ... in the interview, Anderson bragged that once he was in jail, he'd just teach his 733t molester skills to other molesters in jail and you'd never stop him or them, nyah, nyah, nyah.
The 'confession' is only essential in the absence of standard forensic evidence; it is probably of interest to prosecutors in terms of learning if the suspect had done extensive planning and/or admits to other crimes that had, up to this point, been unsolved.
The defense says the document is fabricated, then the prosecution demonstrates how they decrypted the same doc. Only thing is, they're decrypting their own encrypted file, not the real one. But how can it be proven not to be genuine? Oh well, I was just being devil's half-assed advocate. I'm tired as shit so ... whatever.
Just be careful in your implementation of those algorithms! Writing crypto software isn't a task to be taken lightly.
Are there any lawyer types or law-savvy people who know what the legal precedent is regarding the confiscation of encryption keys? It doesn't look like they're going to force this guy to give his up.
I bet there'd be a lot of people willing to participate in a distributed-computing program to help crack that encryption...
Right on PH! Much better use of my spare CPU cycles than the remote chance I might find evidence of intelligence in some far-off star system.
"A reputation as a pedophile could do you much more harm than good in prison. (From what I recall--I don't really know firsthand)."
Unfortunately, I _am_ in the position of knowing this first-hand. Indeed, he is not doing himself any favors by drawing such media attention to himself. He should be doing everything he possibly can to keep his charges under wraps. His arrogance will quite possibly be his own undoing.
This guy is a convicted pedophile. If he is caught again, he'll fry. Might he be just testing whether PGP really is secure for future activities?...
Say the plaintext reveals a tantalising promise of 'evidence' that law enforcement could only access with the knowledge of Duncan himself, perhaps because it is overseen by a trusted acquaintance or in a place where a search would cause such disruption that he would get to know about it.
By publicly bragging, Duncan is effectively taunting law enforcement with their failure to access the 'evidence' in a multiple homicide, the crime warranting the greatest expediture of law enforcement resources.
Now, IANAL but it seems by doing his bragging to a third party, he has plausible deniability for a charge of wasting police time, yet can observe the results of the investigation and thus know with a high degree of certainty whether PGP is secure for any other activities he might have planned. Furthermore, by leading law enforcement on a wild goose chase this time and maybe next, might he not also reduce the chance that they will waste resources trying to decrypt other/future files he may have which are not so innocent?
Maybe the alleged evidence that is encrypted on the killer's computer was designed to appear to exhonerate him, and he intentionally used cryptographic software that has an undiscoverd (as-of-yet) flaw he believes will result in the authorities cracking it, in the middle of his trial.
So I seemed to miss the link between this story and "the government likes to use to illustrate the dangers of encryption" - is there really such a push by the government? Seems like the available technology is fairly robust and accessible (although exporting it is a different case being handled as a 'munition').
@Roy Owens. If I brag about my radar detector allowing me to go 90mi/hr without setting off radar, and a cop (or anybody else) hears me, I admitted to speeding. I 'am' the proof and my words 'will' be used against me in a court of law.
@PsychoHazard. Good point. Who do we contact to offer services? I can throw together approximately 20 junk computers with the average processor of PII/300mhz. I know it's tiny, but anything will help.
What if you brag but do not own a car, nor have rented/borrowed one at the time of allaged speeding? Just bragging is not a crime, I assume. Not even in USA.
The same applies to murders, rapes, and child molesting cases.
From Boyd v. US:
"[W]e have been unable to perceive that the seizure of a man's private books and papers to be used in evidence against him is substantially different from compelling him to be a witness against himself."
Forcing someone to reveal an encryption key to his diary would likely be ruled as a violation of the Fifth Amendment. Of course, that only means that the diary inadmissible as evidence in a criminal trial. The Fifth doesn't prohibit the government from compelling him to reveal its contents. The public has a right to know, which sometimes trumps the right to privacy implied by the Fourth Amendment. The government can make a good case saying the diary is critical to the investigation of this and possibly other cases.
Most likely, the password is written on a post-it note somewhere on his computer desk.
30 years? That's a high estimate, it didn't even take that long for DES to go from the government's "secure" rating to their "too broken to use for secure stuff" rating. I highly doubt that it will be 30 years before the technology exists to break his encryption. If I had to place a bet, I place heavy money on the fact that it'll actually be closer to three.
"Banning a technology because the bad guys use it, denying everyone else the beneficial uses of that technology, is almost always a bad security trade-off."
The government isn't seeking to ban encryption. What it is trying to do is regulate its use. Of the other useful technologies you noted, Bruce, which one is completely unregulated? And how does regulation in on itself diminishes the usefulness of a technology?
If we assume computation power continues to progress according to Moore's Law, it means after 30 years we'll be able to brute-force a key 20 bits longer than that we can today. Unless a relatively short key was used, the number given isn't high at all.
Just as I believe that cryptography isn't a weapon (it's the people that kill), I also believe that it's not the cryptography that molest children, but the offender.
"This is the kind of story that the government likes to use to illustrate the dangers of encryption. How can we allow people to use strong encryption, they ask, if it means not being able to convict monsters like Duncan?"
this is shortsighted. full circle like it industry is 360°.
@Jammit (on bragging then getting off)
A tv journalist presented footage of herself getting onto a plane with boxcutter to demonstrate security failures. Australian Federal Police charged her with having weapon on the plane. Her succesful defence was that the footage was inconclusive. Nonethless, the producers "stood by the story".
To get back to the point I believe Bruce was trying to make, it's worthless trying to use a story like this to justify controls on cryptography.
If the defendent was aware of controls over cryptography that would give police access to his encrypted confession, he would never have written down and encrypted his confession in the first place.
So the law would have been enforced, money would have been spent, liberties would have been eroded, and the law enforcement community would have gained absolutely nothing.
I very much doubt any of us are against effective security controls, especially those that work against paedophiles. However, regulating encryption is not one of them. The crypto rabbit is out of the hat: stop trying to shoot it!
When encryption becomes illegal, only criminals will have encryption.
On the subject of a possible 5th amendment question - I'm far from an expert on the US legal system, but surely there is good evidence that by creating the so-called confession in the first place, he deliberately and intentionally inciminated himself?
Surely this is different to someone inadvertantly saying or being lead into saying something against their will that would tend to prove their guilt?
I would imagine that the spirit of the 5th amendment is aimed at the latter situation, i.e. protecting people from being lead into saying something that would not help their defence, rather than helping an individual to protect himself legally having first deliberately carried out an act that he knew was potenitally capable of being covered by this law?
If that makes sense....
I'd advise folks to read the full story. The computer files are from a year ago. The accused was arrested, released on bail, and disappeared. He's since been arrested in another state, in connection with murders and abduction.
So the computer evidence is largely irrelevant, though it may let some past suspicions be resolved.
And we just don't know how much expertise the investigator has. Maybe, as far an encryption is concerned, the answer is "not much".
Using the spectre of drugs, terrorism, and paedophilia to sell government control over encryption is not quite as transparently disingenuous as using school funding as a justification for raffling off the state treasury, but it's close; at least there's some plausible connection between criminal activities and encryption.
Nevertheless, the same kind of rhetorical device, akin to the famous "red herring", is being used - make a connection, however tenuous, between what you want and something no one could sanely oppose, and concentrate on making your opponents look like they're opposing that.
As you point out at the end of your article, Bruce, it's a bad idea, and not even likely to help those who are pushing it.
"To get back to the point I believe Bruce was trying to make, it's worthless trying to use a story like this to justify controls on cryptography."
It's equally worthless to use a story like this as a counter-argument. Paedophiles don't use encryption to hide their confessions. They use it for transferring child pornography. The existence of a market for such materials necessarily means the sexual exploitation of childern. I've yet heard a good argument how the suffering of a child is a good security trade-off for zero regulation over cryptography.
as a retired california lawyer now living in oregon, it appears to me that the fifth amendment is a bar to forcing him to reveal the key.
the only way prosecutors might get around that is to impanel a grand jury, give the witness use immunity and ask him for the key. use immunity means they can't use what they find in prosecution, as opposed to transactional immunity which means they can't prosecute him at all, courts have upheld that limited use immunity.
if the witness refuses to answer the question, he goes to jail for civil contempt for the duration of the grand jury's term (then the prosecutor just impanels another grand jury). remember susan mcdougal and the whitewater case?
this is in contrast to the u.k. which doesn't have a fifth amendment, and where a law was recently passed making it a criminal offense to refuse to give law enforcement the key to encrypted matter.
I know a bit about this topic from a past life.
"Paedophiles don't use encryption to hide their confessions. They use it for transferring child pornography."
That's true for some, but not all. Generally they use protocols layered over SSL or TLS, like nntps. I'm not sure what kind of regulation you have in mind. If you're implying cryptographic protocols should have backdoors for government use to monitor data in transit, as someone who uses SSL regularly to protect my credit card information and other private data, this idea concerns me. Perhaps you're a proponent of a law which requires under warrant a suspect to provide the keys. This would be problematic for SSL. I'm not sure too many people would happen to know the randomly generated session key.
I suppose what you're really talking about is cryptography used to protect stored data, not data in transit. Should this type of cryptographic software also offer a backdoor to law enforcement? Should government regulate the strength of cryptography that can be used by individuals? Do you think this would solve or mitigate the problem, and that the resulting insecurity is an acceptable tradeoff?
"The existence of a market for such materials necessarily means the sexual exploitation of childern."
Here is an unfortunate fact: cryptography or no, this market is not going away. Ever. Pedophilia has been around for a long, long time, and it's not going to vanish because of regulations placed on cryptography. Some percentage (less than 100%) of pedophiles will seek out child pornography. Some percentage of that (much less than 100%) will voluntarily pay for it (which is the greatest factor in creating demand). Some others still will produce it to address that demand. Cryptography is a tool which enables some of those people to get away with it. But people have been getting away with it for decades before the advent of cryptography on computers.
Education is by far a better tool for fighting child abuse than trying to make this a matter of technology. Children are more aware today as to what it appropriate physical contact and what isn't. (The "don't talk to strangers" mantra isn't as significant in prevention as the amount of predatorial child abuse is by far less than opportunitistic abuse.) But education can't stop there. Society is sending the wrong message to pedophiles. Society as a collective tells pedophiles they're sick and uncurable lepers, societal pariahs and outcasts. Pedophiles tend to have a degree of antisocial inclination to begin with, and this message only exacerbates the problem. If education addresses adults with sexual proclivities toward children as well, this will be overwhelmingly more successful than trying to regulate cryptography. And likely cheaper in the end, as well.
The "won't _somebody_ please think of the children!" attitude is getting tiresome these days. It's getting ridiculous. People have knee-jerk reactions without truly understanding the social problems, and even less so the technological ones. If someone asks me, "If government bans or regulates encryption and that saves even one child from being abused, isn't it worth it?" No, it's not. I don't mean to sound callous, because the very notion of abused children breaks my heart, but the reality is not that simple. There are incalculable costs to the kind of regulation people think is viable.
Many interesting points in this debate. It would be interesting to see what the law finally does in this case. It could then be used as a precedent in future cases.
I think I went off topic. I was worried about the kids as well, forgetting this is really about the "crime" of cryptography. It is difficult to not "think of the children" when children are actually involved. As far as bragging, bragging is basically talking, and talking about having done a crime is still admitting to it. Perhaps you won't get busted for driving over the speed limit in a car you've never driven, but you still have to go to court to defend yourself. This pedophile is already in deep without the need for the encrypted data. The data is just another bullet in the head. Even bringing up the fact the data is special, ultra hardcore, double rot13 encrypted is just fear mongering.
What's the evidence value of an encrypted file that says "I buried Jimmy Hoffa"? Just because I have a file that says that isn't even hearsay against me. It would have to be a detailed confession with substantial information that "only the killer" could know for it to be worth decrypting. Unless it's a MPEG movie of the murder I don't see it having much jury appeal. I see a lot more value in decrypting financial records in a RICO case or some civil matter.
Looks to me like cheap publicity seeking on both sides of the case. I wonder why when the other evidence seems solid from the press reports.
There is the very real posability that his files may never be decrypted, or if they are in a way that is not submisable in a court (or any other place for that mater).
Assume he is usuing a variation on a One Time Pad or other system where the key is as long as the plain text. If the key where truly randomly created, then any decrypted message would be just as valid as any other...
Even assuming it was not trully random the arguments would then fall back to what kind of determanistic key stream generator did he use, and then which of the many many possible keys is the most likley, the shorter the message the greater the problem.
This falls back onto how cleaver / sloppy he was when he built the encryption system he used.
It is not to difficult to design a system whereby you start of with two "styalistic messages", one is your confesion the other the first chapter of some little known novel or some such that has been run through a thesaurus to hide the original work. you then make a series of hybrid keys, use one combination to get one message, use another to get the other message...
Providing he was cautious and not sloppy it's basically a no win situation for anybody trying to break the encrption and get a conviction, reasonable doubt will always prevail in his favour.
Just curious - if he encrypted w/ blowfish using a 448 bit key... what odds would you place on mankind being able to decrypt the message within the next 30 years (with nothing more than the algorithm and ciphertext). Obviously brute force would be right out, so the question is really one of the mathematics of cryptogrpaphy - do you think there is any chance that the blowfish could be cracked in the next 30 years?
For those wishing to roll their own encryption... just go to pgpi.com and download the PGP source code or buy a book with the source code printed on it. This is how pgpi was created years back before the lightening of the encryption export rules. The source code was printed and published in the US. The code was then OCR'd in Europe and compiled into a full working pgp program.
Can someone enlighten me... where is the story here?
Is someone claiming that the US is trying to ban cryptography? (I guess someone should then tell the guys at MagicQ to stop selling their quantum encryption systems.)
Or is it as Chung Leong claims some regulation of the technology - and if that is the case what is the startling news? (That you can't sell it to Syria?)
I'm not a proponent of anything in particular. I just disagree with this notion that by its nature cryptography somehow should be complete free of regulation. But for the sake of argument, let us take the old Escrowed Encryption Standard proposal. Personally, I'm comfortable enough with the scheme. Under it, the general public would continue to benefit from encryption technology. Critics talk about security trade-offs. Well, what are they? All I hear are nebulous arguments all boiling down to dislike/distrust of our government. In fact, had the scheme been put into place and all computers were mandated to have the Clipper chip, our everyday communication would likely be much more secure than it's now.
Whether he is guilty or not doesn't affect my right to have and use encryption software.
What happens when we invent technology that can scan memories from a human brain? It's possible on the near horizon.
Your views are personal to your self and at veriance to a US citizens rights, I suspect though that a lot of Americans would like certain aspects of the constitution to be not only enshrined in law but also in fact.
I suspect they like the bit about,
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Given in the bill of rights Amendment IV and of course Amendment V
"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
Being a UK citizen I would long for a law that would not alow the Government or their apointed agents to make me in"secure in my papers" and use them as "Witness agianst" me.
Untill it's passed and has a reliable enforcment mechanisum I will stick with strong crypto.
If someone's in court and says he/she has relevant information in encrypted form but refuses to give the key that's obviously contempt of court.
And in this case why'd they even need the encryption when:
"Authorities also allege Duncan kidnapped 8-year-old Shasta Groene and her 9-year-old brother Dylan, and sexually assaulted them. Shasta was found with Duncan on July 2, and Dylan's body was found a few days later."
...they already found him with the victim.
For these crimes they don't, they might concevably need it to uncover his other sofar undetectected crimes probably not. From the public point is it going to achive anything like an incress in sentance, again probably not (apart from bringing closure to the victims families).
However it's not realy the point, various three letter agencies have been steadily trying for many years to get strong crypto baned, not just in the USA but in other parts of the world.
Louis Freech when at the FBI spent a considerable period of time in Europe trying to get countries without a constitution or bill of rights to implement crypto restrictions, to a certain extent he suseeded (UK RIPA etc). I suspect if he had been more succesfull he would have used it as a lever against US politicians with the old "They have done it so why won't you?"
The TLA's old tactic used to be the "If you knew what I know" tactic, however most politicians have wised up to that, so the TLA's had to try several new tactics, one of which is to repeatedly say "We could not do X because suspect Y used strong crypto", they also make press leeks about terorists usuing the Web to send hidden messages (via stego etc) all of which when properly investigated turn out to be fairly baseless
When you get down to it, it's the old mud slinging game, throw enough at the fan, and some of it's going to hit your target, and guess what some might even stick, because you are too busy wiping the rest off...
Which is why the Patriot act was such an oportunity for them...
I know I sound cynical but as was once said before "the price of freedom is eternal vigilance" or "the devil does his work in strange ways".
"However it's not realy the point, various three letter agencies have been steadily trying for many years to get strong crypto baned, not just in the USA but in other parts of the world."
So to defend everyone's right for strong cryptography it's ok to free child molesters, kidnappers and killers because part of the evidence against them happens to involve strong cyptography, broken ciphers or the like?
Like all evidence, even cryptography's just evidence. It's the court's job to decide if it's relevant or not (and reading that "Associated Press" article I don't see even its writer arguing that cryptography should be banned because bad guys use it).
RE: Cracking the encryption - I don't think that it will take 30 years to do so. To be honest, I think NSA already knows, or will know relatively soon, how to crack the code. The problem is, I doubt NSA will. Cracking the code would give insight into their capabilities, and the more mysterious they keep those, the better. Their point of view will simply be that this asshole will die in prison, or his cancer will get him before the death penalty appeals process exhausts itself, so why should NSA show their cards?
RE: Compelling him to reveal the key - Never going to happen. As a prosecutor, I can state pretty firmly that he does not have to say a damn word to anyone, especially since formal criminal proceedings have been initiated. Besides, assuming arguendo that he were lawfully ordered to reveal the key and refused, what are they going to do to him? Put him in jail? He's already serving a 251-year sentence. Somehow, I don't think that would help.
RE: Proof being encrypted data - This isn't going to work in and of itself. There are wackjobs "confessing" to crimes all the time. That's why we have the "corpus delicti" rule. Simply says that a confession is not enough. You have to have some other evidence implicating the confessor. Besides, in this case, what did he really say? He said that the information related to other things he had done, not necessarily Xiana's death. For the files to be used in any truly meaningful way, they'll have to be decrypted.
Just felt like throwing my hat in the ring...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.