Slashdot Mirror
Encryption Passphrase Protected by the 5th Amendment
Takichi writes "A federal judge in Vermont has ruled that prosecutors can't force the defendant to divulge his PGP passphrase. The ruling was given on the basis that the passphrase is protected under the 5th amendment to the United States Constitution (protection against self-incrimination)." The question comes down to, is your password the contents of your brain, or the keys to a safe.
So.... this tells me two things... first, that the government cannot force you to give up your PGP passphrase.... but possibly more important, the government (currently) cannot break PGP encryptopn.
Hmmm....
Worse!
Liberals!
Ubiquitously - A Ubiquity Developer Community
Read the article:
If the subpoena is requesting production of the files in drive Z, the foregone conclusion doctrine does not apply. While the government has seen some of the files on drive Z, it has not viewed all or even most of them. While the government may know of the existence and location of the files it has previously viewed, it does not know of the existence of other files on drive Z that may contain incriminating material. By compelling entry of the password the government would be compelling production of all the files on drive Z, both known and unknown.
By giving the government his password, the judge held, that the defendant was incriminating himself by opening up all of his files that weren't pertinent to the investigation. That was my take on it. *I am not a lawyer, but I scored high on critical reading on the SAT's, for what it's worth.
I got a catholic block.
By giving the government his password, the judge held, that the defendant was incriminating himself by opening up all of his files that weren't pertinent to the investigation.
Quite the opposite. By giving the password the defendant may incriminate himself by opening files containing incriminating (and pertinent) information, but unknown to the government prior to that.
Thank God...FINALLY, a score for US privacy rights...and upholding our Constitutional rights!!!
You just don't see that much any more.....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Yes, and it's perfectly legal for those investigators to try to decrypt your files themselves. What they CAN'T do is say, "Tell us where the incriminating evidence in your house is, or we'll put you in jail," or "Give us an itemized list of every single thing in your house so we can decide what is incriminating, or we'll put you in jail." Neither can they say, "Give us your encryption password or we'll put you in jail."
This is so painfully obvious that I'm somewhat concerned that it took so long for a judge to rule in this manner. On the other hand I am relieved it has finally happened.
Well, there is that whole pesky link in TFA to the decision.
;) This password is similar to a combination lock. However, in this case, the government had already seen some of the files contained within his encrypted drive. There is a question as to whether the government's knowledge of the preexisting files would be enough to force the turnover of the password. The government argued that they would allow the suspect to enter the password without supervision, meaning that the government wouldn't be able to use the entry itself in court. In the past, the government has tried to prosecute someone when they had immunity for turning over documents by arguing that said documents themselves were incriminating,. not just that the suspect kept them. The supreme court found that reasoning to be bull. Someone is protected via the 5th amendment by all fallout of their testimony via immunity.
But I'm nice and I found it an interesting read, so I will summarize it. There are a great many of cases involving what and when the government can force someone to turn over documents. Generally, things which don't represent what's in your mind can be forced over. An example would be a key to a lock as compared to a combination lock. The former exists, and is known to exist, and the latter's turnover requires the suspect to devolve information contained within his mind, which would be tantamount to testifying.
In this case, there is some splitting of legal hairs, and my description will be less than sound. While IANAL, I am marrying one
As I already rambled here, the government argues that they knew of the files, and that they had already seen the files. As such, the defendant needed to turn over the password. Something similar has been done previously, where the government knew that a suspect had a document in his possession,and the court forced its turnover. In this case, however, the judge unacknowledged that the prosecution has seen only a small number of the files on the encrypted drive, and that they were almost certainly incriminating. As such, the judge decided that he couldn't order the defendant to turn over the password as the governmetn would have access to new files it knew nothing about.
So, the lesson here is to just not talk to the police without your lawyer present, and don't fricking enter passwords to your files without a court order.
If the passphrase is considered keys to a safe, and you are therefore likely to be forced to divulge it, then you can avoid trouble by using an encryption system, like TrueCrypt, that supports plausible deniability. Inside the encrypted volume, blank space is always filled with random data, which can also be another nested encrypted volume. Without the correct passphrase, nobody can prove that the random bits are anything more than random bits.
This case is a very interesting overlap between 4th Amendment "right to privacy" cases and 5th Amendment "right not to self-incriminate" cases. I personally think that if the government can't break the encryption to "prove" what is hidden from them, they have no right to force the owner to do their work for them. People have a right to keep stuff private, and if they've hidden it effectively, then tough shit for the cops.
I acknowledge that child porn is inherently harmful to the children involved, and that laws targeting possession of child porn are therefore valid so far as they aim to protect children by destroying the market for the exploitative and harmful material. And there is no first-amendment protection for child porn. But the cops still can't break into your house without a warrant just because they they think you have pictures of naked kids inside, and they can't wiretap your internet connection without a court order (heh, they can't LEGALLY, even though it's probably going on right now OMGHI2NSA). Those are 4th amendment rights. But the 5th amendment kicks in to say that even with a court order and a valid warrant, the cops in your house can't force you to tell them which floorboard is the loose one with the bloody knife hidden under it. If you refuse to tell them, they have to find it on their own-- and if they can't find it, they can't use it as evidence against you. That's exactly how the 5th amendment is supposed to work.
A police force with the power to compel self-incriminating testimony becomes the enemy of any citizen who wishes to lawfully express dissent with any policy of government. The 5th Amendment is the most powerful safeguard citizens have against confessions extracted via torture finding purchase in US courts.
From the decision itself (lifted from that post at Volokh Conspiracy), bolded emphasis is mine:
Humpty Dumpty was pushed.
I always thought the 5th amendment served two main purposes:
1. Prevent the government from compelling individuals to confess (through torture, or other means).
2. Give weight to confessions by ensuring that they were not obtained through torture.
Perhaps it will be illustrative to take the computer out of it, since we tend to get distracted by the technology. To me it seems pretty clear that if someone is arrested carrying a letter that was encoded with a cipher with information that may or may not be relevant to the case, that the person could not be compelled under law to explain how to decrypt the letter, whether to law enforcement or in court. Of course that couldn't stop the officials from attempting to break the cipher. But just because modern encryption is more difficult to crack than a hand cipher, I don't believe that changes the nature of the situation.
I had a hard time deciding whether to reply to your comment or moderate it "interesting." I emphatically disagree with your post, but you make a good point. True, forcing defendants to give up their encryption keys would result in more convictions.
But as a society, we place a higher priority in personal liberty than on catching the maximum number of criminals. There are states that invert these two concepts: we call them "police states". I, for one, would rather live in a society where a few guilty people walk free because we can't crack their encryption than live in one where I can hide nothing from the government. It's a question of priorities.
Botnets cannot break decent encryption either.
What a lot of people fail to realise is that encryption can be made unbreakable even by brute force by simply choosing a large enough encryption key. What people also fail to realise is that 256 bit encryption doesn't take twice as long to crack as 128 bit encryption. It in fact takes 2^128 times as long to crack.
Let's for a second assume that 128 bit encryption is crackable by your own personal home computer in a period of 1 hour.
136 bit encryption would take 2^8 times as long (250 times as long)... so we use 250 computers, and crack it in 1 hour still.
144 bit encryption takes again 250 times as long, so instead we use 250 superpowerful server computers and crack it in 1 hour.
156 bit encryption takes another 250 times longer, so we use a top-secret government super computer the size of the Pentagon and still crack it in 1 hour.
164 bit encryption takes.. you guess it, 250 times longer to crack. All the governments in the world pool their top-secret super computers and crack your content in.. 1 hour.
172 bit encryption takes 250 times longer to crack. We use all the computers on the entire planet and manage to crack it in 1 hour.
180 bit encryption takes 250 times longer to crack. We use all those computers, but let them run 250 hours (10 days) instead.
188 bit encryption takes 250 times longer to crack. We let those computers run 6 years to crack your password.
192 bit encryption takes 250 times longer to crack... never mind, we're not THAT interested in your personal photo album.
This is simply incorrect, from http://www.archives.gov/national-archives-experience/charters/constitution_transcript.html
Article. V.
The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate.
How the hell did the parent post get a +5 informative of all things?!