Slashdot Mirror
US Appeals Court Upholds Suspect's Right To Refuse Decryption
An anonymous reader writes "The U.S. 11th Circuit Court of Appeals has found that forcing a suspect to decrypt his hard drive when the government did not already know what it contained would violate his 5th Amendment rights. According to Orin Kerr of the Volohk Conspiracy, 'the court's analysis (PDF) isn't inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion.'"
Why only if the government doesn't already know what it contains? Does that mean that they can force you when they already know what it contains?
That doesn't make sense to me.
I'd hope this applies to encrypted cell phones as well. I use TextSecure on my Android phone.
No self-respecting tyrant would try to attack your rights without an excellent strawman. In your example, the scumbag is the strawman.
If you're absolutely certain what's in the encrypted archive, you don't need the encryption key at all.
Give me Classic Slashdot or give me death!
Seriously, cause my own memory really sucks, it would be nice if i could make myself remember things. How do i waterboard myself?
/. Headline: US Appeals Court Upholds Suspect's Right To Refuse Decryption Linked Headline: Ruling Stands: Defendant Must Decrypt Laptop
Let's say, hypothetically, John Doe gets brought up on child pornography possession charges. He has one computer in his home, and the cops are reasonably sure that said porn was accessed and stored at that physical location only. They order him to decrypt his hard drive, because they know it has evidence of his illegal porn habits. He replies, "No it doesn't. It has other stuff. Stuff you don't know about. You can't see it."
Now, they could say that they know for certain that he's a lying sack of crap and force him to decrypt it anyway. No child porn evidence, but he's be embezzling from his company, according to what they find. Now what?
Two words: thumb drive.
I am very small, utmostly microscopic.
The first link is to a completely different case. Similar story, except that one ruled that the defendant must decrypt their laptop and was heard by the 2nd Circuit. The second link refers to the 11lth Circuit case.
But with the 5-4 majority it's just a foregone conclusion that they will rule on the gov't side. Fifth amendment only works on tv.
Breaking News! The editors of Slashdot still haven't figured out how links should work. Often, the hyperlink text has nothing to do with the linked article, or is at best hard to figure out.
You have the right to remain silent. You have the right to remain encrypted. Anything you say, do, or decrypt can and will be held against you in a court of law. You have the right to speak to an attorney. If you cannot afford an attorney, one will be appointed for you. Do you understand these rights as they have been read to you?
"I don't think it's selfish, to eat defenseless shellfish." -NOFX
Correct. The 1st link she has to decrypt it because the trial judge ordered her to do so, and the appellate judge ruled against her because she hadn't actually been convicted of anything. Which I agree with. I'm sure in light of the 2nd link, she might win the appeal though, which is what I think should have happened in the 1st place.
Would that mean an unappealable life sentence?
SJW: Someone who has run out of real oppression, and has to fake it.
Oh rubbish! There is an excellent description of the "behind the scenes" technical detail that goes into /. editorial management here.
It seems to me that the courts generally frown on "unenforceable laws". In this case, if the government can't decrypt your hard drive without your cooperation, they can't really "force" you to reveal it. They could try to torture you for it, but that's, at least presently, illegal. They could throw you in jail, but if you know that the penalty for refusing to cooperate is less than the penalty for whatever crime your data might provide proof of, then the rational thing is just to take the penalty for refusing to cooperate.
So, fundamentally, unenforceable.
IANAL but it seems like this decision hinges on the fact that the act of decrypting the hard drive requires the encryption key, which is in turn a product of the mind. On that basis the judge has connected it to the fifth amendment and self incrimination rather than the model put forth by the prosecution of a simple lock and key. The implication that I am seeing here is that if you were to encrypt your hard drive, but use a file on a USB drive as the encryption key rather than a passphrase, then this decision would not be applicable and you could be compelled to turn over the USB drive.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Her rights don't depend on you being more or less annoyed at what she's alleged to have done.
That what governments have always done - relied on the ignorance of the populace to usurp the rights of the unpopular to establish a precedent that's eventually used against others.
From the Opinion:
"But random characters are not files; because the TrueCrypt program displays random characters if there are files and if there is empty space, we simply do not know what, if anything, was hidden based on the facts before us. It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. In short, the Government physically possesses the media devices, but it does not know what, if anything, is held on the encrypted drives."
What encryption product was used? It sounds like it is doing its job.
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
the law is there to stop the police from torturing you and beating out a false confession. the constitution was never meant to stop the police from gathering evidence of criminal activity. or enable criminals to hide it
The appeals court does not [like to] rule on cases which have not be decided meaning the defendant in this case has not been acquitted nor been convicted. So the court rejected the appeal. The appeals court did not rule on the matter AT ALL.
Now if she were to be acquitted or convicted, the appeals court could then chime in on details of the case such as whether or not forcing someone to decrypt (make available) incriminating evidence is a violation of the 5th amendment and only then if she were forced to and she was able to remember her password and that there was, in fact, incriminating evidence and was convicted based on the evidence which was previously encrypted.
But you need proof of the act, not knowledge of it.
What I find heartening is that this is the 11th Circuit Court (Alabama, Georgia, Florida) -- i.e., not a court known for "wacky" decisions. If it were the 9th Circuit I would be more worried that this fight isn't over.
I particularly liked how the court used the government's own analogy of a combination to a safe to make their ruling. The ruling explained that the Truecrypt software shows random characters even if nothing exists on the hard drive, so if the hard drive is like a safe -- as the government contends -- then it can be full of incriminating evidence, or completely empty. There is no way for the government to know without opening the safe. Therefore the government cannot use the argument that the evidence was a foregone conclusion. Additionally, the court (thankfully) acknowledged that just because the defendant owns a safe, is not an indication that any criminal activity is going on. The ruling both turned the government's analogy on its head, and revealed that the court has a fairly good understanding of the technology.
Proverbs 21:19
4th Amendment
5th Amendment
I'm happy the government was thwarted but I need to read the decision closer to see why the justices did not select the 4th A.
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
That is not secure enough. I encrypted it again with the same measure for double the security:
you have the right to remain silent. you have the right to remain encrypted. anything you say, do, or decrypt can and will be held against you in a court of law. you have the right to speak to an attorney. if you cannot afford an attorney, one will be appointed for you. do you understand these rights as they have been read to you?
Site used here
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Is there an encryption system available where if you put in a specifically bad password it damages the data forever?
I have no interest in kiddie porn but I sure as shit don't agree with people forcing me to decrypt.
FTFA: "A federal appeals court is rejecting an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents can be used in her criminal case."
"The 2nd U.S. Circuit Court of Appeals, however, sided with the governmentâ(TM)s contention that an appeal was not ripe"
"The appellate court wrote Wednesday that it lacks âoejurisdiction to consider the resulting proceeding under any exception to our usual finality rules.â"
"If she does not decrypt the drive by monthâ(TM)s end, as ordered, she could be held in contempt and jailed until she complies."
Is this Fark?
Indecision is the key to flexibility.
If you use a truecrypt volume the driver has to be running to tell the OS not to write to the 'hidden' files. So you are at least implicating yourself that yes, there is MORE THAN LIKELY an encrypted file on the drive.
Now you could offer up a fake partition with gray-area information to try and take the heat off (say pics of a nekkid GF or a lot of Scientology text).
It's not necessary for them to prove, only to implicate. There must exist objective evidence sufficient to imply the existence of something. That implicating evidence is presented to a judge. If the judge agrees - and it's his job description to be skeptical - then that something will then become the subject of a targeted search authorized by a warrant created by the judge. At least that's how it's intended to work.
Wouldn't the 5th apply to all searches? If the police though I was responsible for some home burglaries and wanted to search my house for stolen goods, doesn't giving them access to my house incriminate me just as much as giving someone access to a encrypted drive? How is it any different?
Posting AC, but there's one simple difference:
With a safe, if it's locked, the contents still exist.
If I encrypt a disk, the original data quite literally no longer exists. The encrypted disk is not a "container" for my data -- it is a completely different set of data.
The original data can only be recreated on cue if I supply my encryption passphrase. Therefore, by supplying the passphrase I am creating or assisting in the creation of evidence against me. I'm pretty sure the Fifth Amendment has something to say about being forced to do that.
Article linked to says
Ruling Stands: Defendant Must Decrypt Laptop
... that the Robert's court will overturn this.
Check your premises.
Ah, a constitutional scholar. The relevant precedent (cited as recently as 2007) was that the government can't compel a defendant to reveal the contents of his mind. Doesn't mention torture, doesn't mention beating. Neither, for that matter, does the Fifth Amendment. It just (plainly) states that someone can't be "compelled in any criminal case to be a witness against oneself". And that's what it means.
When they arrest you they read you your Miranda rights, which include the right to "remain silent".
Guess that's just bullsh*t if the cops are sure you did it. Cause cops are never wrong, and they never lie. Never.
As for the example of unlocking a safe, I think that is wrong too, even if courts have said so. The point of the 5th Amendment is that you have no obligation whatsoever to help the government convict you of a crime.
Arguably, strawmen are what defines the more exceptional of our legislation: where would we be, if not for the Welfare Queens, the Islamic Terrorists, and Wall St. fat cats?
I am John Hurt.
the law is there to stop the police from torturing you and beating out a false confession.
is actually a subset of
compelled in any criminal case to be a witness against oneself
I actually agree with you both, though. Police-work, done as intended, is good for communities, but over-reaching and scouring someone's mind for incriminating evidence is a scary precedent. At the end of the day, I'm not sure demanding an encryption password reaches that level, but it does starts us on a strange path. Still, I don't think any groundbreaking or new legal thought processes should have been necessary to arrive at this decision.
If we take the computer, instead, as a potential human witness to a crime that the suspect knows, can the police ask the suspect give up the witness' location? Yeah, they can, and they do it all the time. Can they ask that the suspect translate the witness' language for them, if both suspect and witness speak, say, Hungarian? Of course they can ask. In relation to other, less computer-y crimes, can they ask a suspect tell them where he ditched the gun they think he used, or the body they think he dumped? Yup, again, of course they can ask this info. But, in all those cases, the suspect can (and probably should, if he's smart) refuse to provide answers to their questions.
I think the appeals court made the right decision, and it has nothing to do with "forgetting" the password. The police should be able to ask for the information they want; that's just good police-work, and if the suspect is willing to talk, by all means, they should be able to ask questions as they listen. They are just forbidden to cross certain boundaries to get at info the suspect is unwilling or unable to provide. And this is why, if you are arrested for anything big, you should ALWAYS ALWAYS ALWAYS say NOTHING until you contact a lawyer, and then allow HIM to do as much of your communication as you can. Unless, of course, it is your intention is to confess to a crime (and even in that bizzarro-land situation, I'd call a lawyer).
No, there is currently no software which has the capacity to seek out and destroy all other copies of some particular data.
Imagine some of the problems that would come up when trying to design such software. You have to delete LE's backup of your data, even when that backup isn't in the tape drive or some kind of jukebox system. That means your computer needs some way to compel LEOs to take the copy of your data, put it into a drive, and then either perform a command to damage the data, or at that point your computer directly connects to LE's computer (perhaps by compelling other people to lay fiber or something, so that a connection exists) and damage the data.
Maybe those problems are solvable, but if you can do those things, then your software can probably just as easily compel LE to stop investigating you. And hand over their wallets, too.
this alleged scumbag stole millions of $$$ and helped the housing bubble become a bubble
Do you have proof of that? If so, congratulations: the government hasn't proven it yet.
For what it's worth, you're probably completely correct. But everyone gets to exercise their Constitutional rights, not just people we like.
Dewey, what part of this looks like authorities should be involved?
I agree; this article is baffling. The link from the sentence "The U.S. 11th Circuit Court of Appeals has found that forcing a suspect to decrypt his hard drive when the government did not already know what it contained would violate his 5th Amendment rights" points to an article, dated yesterday, that says "Ruling Stands: Defendant Must Decrypt Laptop".
That is precisely the opposite of what the summary states.
http://www.geoffreylandis.com
Obviously NOT because not even the poster RTFA - or at least did not comprehend what is says because the title of this post is 100% inaccurate. The court sided with the government, she will have to decrypt - the court refuses to hear any arguments until either a conviction or aquittal is made in the case.
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
A good court decision is always fun reading.
The facts:
-- Truecrypt was used, correctly even, overall this ended up being the "ideal" encrypt scenario (well, assuming you were already dragged to court).
-- The government attempted to bring a data forensics guy to the stand. The defense jumped on him (again ideal) and he basically was forced to admit that it looks like random data and so he's useless.
-- The decision does say that the existence of an encrypted volume/file is a fact. Strictly speaking the defense didn't have to give that away, but its probably not worth the trouble to explain why your 5 TB is real random data and not merely encrypted.
From the ruling:
Whats interesting is that the ruling sketches out the conditions under which a key can be compelled. The 3 cases it lists (Fischer, Hubbel, Boucher) are starting the bound the problem quite nicely. Slashdot geeks probably don't like the thought that they'd have to give up their key under any condition, but if you read the opinion it's at least consistent. Essentially it sets the bar so that the government must be able to prove with good precision that a file exists (e.g. a particular filename) and proof that you have access before they can compel the key from you. In the Boucher case they had a government eye-witness and incriminating filenames. In this case all the government had was "we have evidence of CP going down around here, all your disk are belong to us" and the court smacked that down as not even close to sufficient. It's still murky what the minimum is. It seems like the government was hoping that ip evidence with some generic CP activity would be enough. I can imagine law enforcement proving that "your ip downloaded this file on x/yy/zzzz" (with varying degrees of difficulty) but going that last mile and showing that a particular file is on an encrypted volume (not to mention the access issue) is likely to be a pretty big hurdle.
... will be a new law that says that "possession of apparently random data is probable cause that an encrypted file system exists, and that the suspect is to be held at gitmo until the key can be tortured out of them."
There is a school of thought that holds that warrants should be much rarer than they actually are. This school of thought holds that if the cops know you have stolen goods or whatever, they can enter the premises, find the stolen goods, and off to jail you go. ...
HOWEVER, a cop who kicks in the door without a warrant and finds nothing becomes personally (and his agency, collectively) responsible for damages, including punitive damages.
The problem with this is that warrants serve another important purpose of documenting and limiting the scope of the search. In the system you describe, if cops bust into your house and didn't find what they were looking for, they would have a strong incentive to proceed on a fishing expedition to find (or even plant) evidence of some crime, any crime they can nail you with, so they won't be held responsible for their mistake. It is good to have a judge sign off on all warrants, and give limited personal indemnity to cops who are not abusing the system, but simply make an honest mistake.
It is not good to make innocent people suffer the consequences of these mistakes. If we as society decide to authorize our law enforcement to damage, destroy or take property in the course of their investigation, then we as society have a responsibility to compensate those we have harmed to make ourselves feel safe. The fact that we don't and instead treat these as paramilitary operations with acceptable collateral damage, shows how far we are from realizing the genuinely free society that our founders envisioned.
Actually yes it was. The whole idea of the 5th amendment is so that the state can't force you to incriminate yourself. And notice that ruling doesn't apply if the police know what is on the hard drive and merely need to confirm it. But if its a fishing expedition, then you have the right not to help them put you in prison.
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
Honestly, I am sure slashdot knows that links can point to things they aren't supposed to
Like this Supreme court decision
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
isn't there some sort of encryption scheme where if you put in one password it decrypts and if you put in another password it wipes?
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
1. You can't make me decrypt if you don't know what's in it?
2. You say you have a warrant because you know what's in it, so you can make me decrypt it?
3. Prove what's in it.
4. No, I won't decrypt it to help you prove the contents.
5. See (1.) Meanwhile:
6. So, who did you lie to in order to obtain your warrant?
Crypto geeks are breathing a sigh of relief, while the CEO of Harbor Freight laughs maniacally.
[End Of Line]
Strange, I didn't see this posted yet... http://xkcd.com/538/
this alleged scumbag stole millions of $$$ and helped the housing bubble become a bubble
too bad for her the law is that you have to turn over evidence of your crime to the police if they find out you have it
Scumbag or not, we all must be entitled to the protections of the constitution or we all suffer.
I'm going to assume you're trolling, because if you're really that dumb it's too depressing.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Not sure if you're nitpicking me - I don't disagree that the beating would be a subset of 'compelling'. But it's just that, a subset - and that clause in the Fifth Amendment isn't only about beating or torturing, which was my (correctly stated) point.