Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk)

Posted by msmash on from the know-your-rights dept.

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.

22 of 522 comments (clear)

  1. Contempt of the court... by ruir · · Score: 5, Insightful

    I do not even know any of the passwords I use either at home or work....random passwords+2FA. I could not even remember them, even if my life depended on it.

    1. Re:Contempt of the court... by Midnight_Falcon · · Score: 4, Insightful

      But you have some way to summon them through a password manager, and a Court would simply order you to release those credentials.

    2. Re:Contempt of the court... by Mashiki · · Score: 4, Interesting

      All you need is a lawyer who's willing to argue that police lost evidence of this during arrest/warrant sweep. Happens quite often and there's a lot of case law on it.

      --
      Om, nomnomnom...
    3. Re: Contempt of the court... by Anonymous Coward · · Score: 5, Informative

      No, you cannot "set your encryption" to do that. Your shit will be imaged.

    4. Re:Contempt of the court... by Dread_ed · · Score: 4, Informative

      We don't need to mod you down. Just present facts. Not that I am a Trump supporter, but I can tell from how you write that you are unhinged due to rampant bias. It is affecting your mind. Specifically, but not limited to, your ability to process data, form correct opinions, and see facts as they are.

      Case in point:

      District Judge: Honorable L. Felipe Restrepo

      He is an Obama appointee who made the original ruling and whose ruling the third circuit court of appeals upheld.

      Please tell me how an Obama appointee is part of a vast right wing republican conspiracy to attack Americans.

      --
      When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
    5. Re:Contempt of the court... by dougmc · · Score: 5, Insightful

      This is not a Constitutional question — the guy is not asked to testify against himself. What he is to say is not under oath and will not be used against him.

      It is indeed a Constitutional question. He's accused of a crime, and he's being asked, er forced to aid the prosecution. What happened to his right to remain silent, his right against self-incrimination?

      And yes, I do believe it is the goal of the prosecution to use any passwords he provides to find stuff that *will* be used against him. They are *demanding* that he aid their prosecution of him by divulging secrets ... how is that not testifying against himself? Next, are they going to waterboard him for the passwords?

      What is demanded of him is a key to the premises, for which a perfectly valid search-warrant has already been issued.

      If they were demanding a physical key, he could refuse to tell them where that is too. That said, without that ... they'll just knock down the door.

      Also ... has a search warrant been issued to search his brain?

      This stinks to high heaven. I thought that it was already established by case law that you did not have to say anything to aid the prosecution in any way, that your right to remain silent was absolute in a criminal case?

    6. Re: Contempt of the court... by Xest · · Score: 4, Funny

      No man, you just tell your encryption don't take that shit, don't let yourself be imaged, encryption. Stand firm in the face of these fascists, encryption, and do right by me man.

  2. What if by markdavis · · Score: 4, Insightful

    >"upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives"

    I am not saying that is the case here, but what if a defendant really doesn't remember the password? Throw him in jail forever? Some devices don't need a key/password UNLESS they are disconnected or reset, and it is very plausible someone might have been using something for a long time without knowing.

    1. Re: What if by Anonymous Coward · · Score: 4, Funny

      Perjury, obviously, for claiming to be a Slashdot reader with a girlfriend.

    2. Re:What if by ShanghaiBill · · Score: 4, Interesting

      what if a defendant really doesn't remember the password? Throw him in jail forever?

      Sure. Why not? The criteria is "reasonable doubt" not "certainty". In practice, the standard for "reasonable doubt" is not very high. When DNA evidence first became valid in court, the Innocence Project reviewed thousands of old cases, and determined that about 10% of them could not possibly have committed the crimes for which they were convicted. One case overturned was the Central Park Five, which EVERYONE, including our president, was absolutely certain were guilty. There are many, many other cases with no DNA evidence, but there is no reason to believe the false conviction rate is any lower for those.

      So if 90% certainly is good enough to lock up some poor black kids for life, why isn't it good enough for a rich white guy with a Macbook Pro?

    3. Re:What if by ShanghaiBill · · Score: 5, Insightful

      How about we work on improving justice for all without regard to socioeconomic status or race.

      Sure. But if we fix it only for the rich white guys, then they no longer have any motivation to fix the system for others, and it is they that are empowered to do so. We should indeed fix it for everyone. But we need to start at the bottom.

  3. That's not good law by Baron_Yam · · Score: 5, Insightful

    This amounts to "We know you're guilty even though we can't prove it so we're not going to bother with proof", and worse, they're using that to apply a potentially unlimited sentence.

    Just because the guy is accused of having a child porn collection doesn't mean the niceties of law shouldn't apply.

    I'm actually not so much for the right against self-incrimination, but I am very much for the right to a fair trial based on evidence and not what people 'know'. I'm also very much on finite sentences proportional to the needs of protecting society, punishing enough to scare the next guy, and attempting to reform the convicted if possible... but there shouldn't be a sentence at all without a just conviction.

    1. Re:That's not good law by MrDoh! · · Score: 5, Interesting
      That was how the UK version of this law was made to look silly (even though it later passed of course).

      An admission of a crime was made, written up, encrypted, and put on a USB(CD maybe) and sent to the Home Secretary. The police were then contacted and informed that the Home Secretary has, in his possession, an admission of a crime that requires a custodial sentence.
      Technically, that he never had the keys to unlock it was irrelevant. He had an item that was an admission of a crime, he was duty bound to hand it over and unlock it, even though there's no way on earth he could. But the way the law was written, he was the one in trouble.

      If this is allowed to stand, we now have the way for someone/anyone to send you an encrypted file (email/cookies), that will then get you found in contempt of court as you are unable to prove you can't unlock it.

      --
      Waiting for an amusing sig.
  4. In fairness by HeckRuler · · Score: 5, Insightful

    So when are the politicians going to be charged with contempt of court when they "do not recall"?

  5. Contemptible. by msauve · · Score: 5, Insightful

    I agree, it's contempt of court. As well it should be, since the court is contemptible. The right against self-incrimination is absolute - you don't have to testify against yourself, you don't have to unlock that (combination) safe, you don't have to decrypt files. You have the right to remain silent.

    That is, unless it's the physical key to a safe, or some hardware encryption key. That's physical, and subject to seizure. But a combination or encryption password is a product of the mind, and forcing it out is forcing self-incrimination.

    Sure, law enforcement has a right, with the proper warrant, to break into the safe or attempt to decrypt the contents themselves, but failing that, they're simply SOL.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  6. Re:Destroy code? by Kardos · · Score: 5, Insightful

    No, it is not even fantasy to have a "destroy everything" password. Even a rookie investigator knows to make a copy first. If you provide self-destruct keys it'll be blatantly obvious.

  7. Does this case fit the precedent? by nctritech · · Score: 4, Interesting

    There is precedent for this when the defendant has already decrypted the drive for authorities and then refuses to do so for the court. In that case, the contents are considered a "foregone conclusion" and there is no question that the defendant both acknowledges the encrypted volume and knows the key to decrypt it. This is a reasonable balance against Fifth Amendment protections.

    If he has not ever revealed the password to authorities, the Constitution absolutely prohibits this action by the court. A man cannot be compelled to self-incriminate, the court may not presume guilt (innocent until proven guilty), and the court can only establish guilt through due process of law (everything from investigation to conviction) and with equal protection under the law (the law is applied the same way to everyone). This ruling blatantly violates most of these basic rights if the contents of the drive are not a "foregone conclusion."

    1. Re:Does this case fit the precedent? by nctritech · · Score: 4, Interesting

      They can't criminally charge you for not taking the sobriety field test. They can and will take your license away. That's not a criminal process, it's a regulatory one. Different states may have different variations but the song generally remains the same. Driving is legally considered a privilege, not a right. It isn't the same thing.

      I agree with your second part. Civil asset forfeiture is a blatantly unconstitutional thing that is constantly abused. It's still not a constitutional action, but the guys with the guns make the rules in the end.

  8. Re:This is bullcrap by Marc_Hawke · · Score: 4, Insightful

    The Courts (and Law Enforcement) have gotten really lazy, and it's confusing to me why they don't see it.

    During the San Bernardino iPhone stuff and other such stories, there were so many 'seemingly intelligent' people saying how encryption shouldn't be allowed because it made law enforcement difficult. Since when has it been easy? Wearing gloves makes it hard to pickup fingerprints. Should you outlaw gloves as well? However, these people are saying, "You should be forced to live in a way that makes it simple for us to track you all the time." "Papers Please!"*

    Two statements:
    "As more and more people are using encryption these days it's much more difficult for us to obtain evidence." - legitimate
    "As it impedes our abilities to gather evidence encryption in consumer devices should be restricted or should include a law enforcement backdoor." - completely not legitimate

    *(Actually with the 'papers please' that's more about proving you're allowed to be there, rather than checking to see if you shouldn't be there. So it really doesn't apply to the situation.)

    --
    --Welcome to the Realm of the Hawke--
  9. Only one way out... by tinkerton · · Score: 5, Funny

    My password is "sorry I've forgotten my password". They won't be able to claim I didn't tell em!

  10. Re:Destroy code? by silas_moeckel · · Score: 4, Interesting

    This is very hardware dependent. Plenty of systems out there that require a passkey to unlock but nuke themselves with a few bad tries. They are not clonable (unless you're the NSA and even then some go to lengths to prevent chip lapping and other methods from working). In essence it's a small computer that you can not practically copy with a hardened interface that stores the actual decryption keys.

    Even the TPM chips tied to hard drives should support that.

    --
    No sir I dont like it.
  11. Re:Rubber-hose cryptanalysis by Anonymous Coward · · Score: 4, Interesting

    As a victim of a rubber hose attack by the American government I can offer some insight into how it works and how everyone looks at the issue wrong. The government usually gets it hands on you somehow and threatens you with some ridiculous mandatory minimum prison sentence. Its a somewhat civilized approach to the rubber hose attack.

    You go hire a big buck attorney who starts to work on the case. Next thing you know the government is offering you immunity for whatever is on your computer in exchange for the passwords. Of course your attorney says give them the passwords and this thing will likely go away. You hand over the passwords and it goes away, the statute of limitations ticks off a few years later.

    Now if you are the main target of their interest they will wait until they can nail you to the wall and do this step to anyone they think may be able to help.

    A better approach would be to use a wifi accessible ssd hidden in a wall or elsewhere it wont be found. Most of the time they are in and out of your house in under a hour, it is very rare, without an informants telling them all of your opsec secrets that anything well hidden will be found.

    Cops are humans, most humans are lazy and have mixed feelings about their job, remember that. Encrypted disks in the hands of the government should be treated as the starting point in negotiations.