Slashdot Mirror
US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive
A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
"I forgot."
I find it funny that a quick search on the subject yielded an article from the same site, with the opposite finding.
Article in 2007: Judge: Man can't be forced to divulge encryption passphrase
http://news.cnet.com/8301-13578_3-9834495-38.html
Article in 2012: Judge: Americans can be forced to decrypt their laptops
http://news.cnet.com/8301-31921_3-57364330-281/judge-americans-can-be-forced-to-decrypt-their-laptops/
I'm fine with them breaking your encryption if they have probable cause; however, forcing you to give the password does seem to have a pretty straight-forward logical path to incriminating yourself (Especially if you are guilty and a subsequent search will yield something on the device).
It's been fairly clearly defined in the past that you are not in any way expected to aid the police during the execution of a warrant, providing keys, passwords, etc is not required be it for the front door, a safe, a computer, etc. You may OFFER to provide them (so they don't need to damage your front door), but you are undre NO obligation to do so.
The 5th amendment does not protect you from being required to provide subpoenaed materials. It just means you dont have to testify or speak out about maters which may incriminate you. I can easily see how supplying a password or decryption key would not be covered. But it would be a hard call to make in my opinion.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Ah, but incriminating evidence of what? She might be completely innocent of what she's charged with but guilty of something else. In fact, she probably is, and so are you.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
You've been reading this again, haven't you!
"Prosecutors in this case have stressed that they don't actually require the passphrase itself, and today's order appears to permit Fricosu to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."
So this quote makes me wonder, what encryption software is out there that can be configured with a "doomsday" passphrase that will automatically begin some sort of secure delete process when entered? Of course with a fancy "decryption in progress" dialog window or something?
I guess if they figure out what you did, you could be charged with destruction of evidence but if that is a lesser sentence than the wire fraud it wouldn't be a bad move.
I think one of the first things they do is make an image of your hard drive, preserving the data, no matter what you do to it. Much better to keep the key itself on destructible media and destroy it when the cops knock at your door. Or steganographically hide it in plain sight in the digital picture frame with your kid's pictures. Without the passphrase, they can't prove that a suitably random key exists in a JPG.
What's the problem with this? If the prosecution knows the defendant owns a pistol and is accusing the defendant of robbing a liquor store with a pistol, the prosecution is certainly within its rights to subpoena the defendant to produce the pistol so it can be tested against the three slugs pulled out of the counter clerk.
The defendant can claim the pistol doesn't exist (in which case the prosecution has to be able to prove it does), the defendant can claim it was lost or stolen, or ... etc. There are a ton of ways to prevent turning over the pistol. However, none of these ways invalidate the central fact, which is that the subpoena is valid and enforceable: if the prosecution can demonstrate you have the pistol, the judge will happily put you in jail until you turn it over to the prosecution.
You can be held in contempt of court and imprisoned indefinitely until you decide to cooperate. This is often used on journalists who refuse to reveal their sources.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The problem is the judge can throw you in jail for contempt to "give you time to remember". One guy spent 14 yrs in jail for contempt (H. Beatty Chadwick). In his case, according to Wikipedia, he was jailed "solely on the word of Chadwick's wife".
destruction of a key is not destruction of evidence. The evidence is still intact - just encrypted.
Operation Guillotine is in effect.
England already has laws that force suspects to decrypt their hard drives... but maybe you were ironically referring to that?
You are aware that the first thing they do is to create a copy of the files. Actually, an image of the file system.
The very first thing you do in forensics is to create an image. Standard procedure. A bit for bit identical duplicate. Destroy it all you want, the only thing you accomplish is to piss me off because I have to repeat that procedure.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The argument goes like this:
You can't be forced to testify against yourself. You can be forced to provide evidence that may incriminate you - that's the whole point of a warrant.
So it's something you know, vs something you have.
So if you had a smartcard to unlock encrypted data, you could be forced to hand it over, same as a safe key.
So what if it's something you know that is the key, like the passphrase or combination to the safe?
Well, as long as the passphrase or combination in itself is not incriminating (i.e. they don't open something you don't own) then it's treated as evidence, not testimony.
If you claim you've forgotten it, and the judge thinks you're lying, then you can be found in contempt of court until you remember, for withholding evidence.
I'm not saying its fair, but it is consistent with prior law and practise.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
so remind us all how PATRIOT got passed??
I didn't say that unconstitutional statutory law cannot be passed. I said that it cannot overrule the constitution, and thus is null and void. ... I'm going to note here as well, that doesn't mean that the executive won't enforce an unconstitutional statutory law either, but you're perfectly within your first amendment rights to petition for a redress of your grievance with the courts.
For instance, Rosa Parks committed a crime by not sitting at the back of the bus. She was arrested and sent to jail. Civil disobedience is one of the fastest ways to get a legal argument for unconstitutionality before the court, but it does not come free, and it does not exempt you from suffering as a result of breaking the law. However, if the courts do eventually agree with you, you can seek compensation for being punished for violating a law that was null and void. But you will still have to suffer harm at first.
WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
This has been talked about on the TrueCrypt forums ad nauseum: A suggestion that the utility has a password that would erase volumes.
First, it is part of forensic practice to whip out a hardware write blocker. No hardware write blocker, and the evidence can be thrown out of court.
So, if someone hands a decent forensic analyzer a key, and it zaps the contents of the image, they just roll back the logs, add a destruction of evidence charge.
"The 5th amendment does not protect you from being required to provide subpoenaed materials. It just means you dont have to testify or speak..."
Very definitely incorrect. I looked into this when I first read about the second court case mentioned in TFA. The one about the guy at the border who had child pornography on his computer. TFA gives a woefully incomplete account of that case; there is almost no chance that it is anything like this one at all.
The court ruled that he had to provide the password to an encrypted area on his hard drive, because Customs had already seen some child pornography on his computer, in the encrypted portion of the drive. The decryption software was running at the time, so these files were open and 2 Customs agents were able to see them. But somehow the man then managed to turn off the computer so the files could no longer be accessed.
The key thing here is that the court did not want the password in order to perform a SEARCH. It was already known that there was illegal material there. That is a FAR different situation.
In its ruling, the court made this point very clearly: the government normally cannot force someone to provide an encryption password, in order to SEARCH for items or material that are only SUSPECTED to be there. That would constitute a clear violation of the 5th Amendment.
However, in that particular (and really very unusual) case, the government already knew that there was illegal material, and even where it was. And the court wanted that material for the trial. There could be no violation of the 5th Amendment in that particular situation the court ruled, because it amounted to seizing illegal materials that were already known to be there. Therefore it was not a "search" in any reasonable sense of the term, and the defendant was not supplying anything incriminating that was not already known. He was not "testifying against himself" in other words.
Other courts have made this VERY clear: except under very unusual circumstances, rendering your password up to authorities is most definitely "testifying against yourself", and falls under the 5th Amendment. They cannot demand that information in order to search for evidence that might incriminate you.
When I mentioned all this earlier, when this post still hadn't appeared yet, somebody (sjames) replied that this was "sophistry", to use his word, and that if the court really "knew" it was there, they would not have required that it be supplied to the court.
However, that in itself is sophistry. Apparently he was forgetting several things: (1) As long as the court is not violating the 5th amendment (and in THAT rare case it was not), it can order the material to be presented for pretty much any damned reason it pleases. I did not say it was "needed" by the court to obtain a conviction; I simply stated that it was ordered to be given up. (2) Considering that the court already had consistent and concurring testimony from 2 Customs agents, if they had committed perjury it would have been ridiculously easy to very that without much compromising the defendant's privacy, and any further intrusion could be immediately ended. So there was little danger to the defendant's rights. And most importantly, (3) I wasn't asking sjames to take my word for it; he can look up the damned court decision himself on Google, just like I did, and read about it for himself.