Your Encryption Key Is Protected By The Constitution?
from the can't-incriminate-yourself dept
In an interesting case up in Vermont, a federal judge has ruled that someone accused of a crime cannot be forced to reveal his or her encryption key, as it would be a violation of the Constitution's 5th Amendment, saying that an individual cannot be forced to self-incriminate. In an age where encryption is becoming increasingly popular, expect to see other cases of this nature. It seems likely that a case like this one (if not this one itself) will eventually wind up before the Supreme Court to determine whether or not someone can be forced to give up his own encryption key. Where it gets tricky is the question of whether or not the key itself incriminates the person. As the article notes, a person can be forced to give up a key to a safe that contains incriminating evidence, which many say is analogous to this situation. In the meantime, though, we've already seen cases where people are presumed guilty just because their computers have encryption software installed -- so, it may not matter whether or not the key is provided when the presence of PGP alone is viewed as incriminating.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: constitution, encryption, encryption key, fifth amendment, pgp
Reader Comments
Subscribe: RSS
View by: Time | Thread
I have a hard time accepting that
Does that mean if I lock my doors I'm assumed to be doing something illegal inside?
Suppose I just want to keep the grandkids out of my porn?
[ link to this | view in chronology ]
5th ammendment
[ link to this | view in chronology ]
Re: 5th ammendment
[ link to this | view in chronology ]
Re: 5th ammendment
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Protection of constitution
Actually, the Constitution is protected by the full strength of the U.S. military, whose officers are sworn to support and defend *it*.
One can hope that the vast majority of said officers take that oath seriously, and can tell when *its* authority is being usurped by mere politicians...
[ link to this | view in chronology ]
Re: Protection of constitution
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The rule makers
Those in charge make the rules and the rule benefit only those in charge. One day, hopefully, this will come to an end.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
mQGiBEdbHE0RBADEEtnxrVLK9ocQonX8zVP4hUejy/C89RnuHLL7dXDF35XqEt1b
lVsuvzG7YTX2aFqZNkQ v1nZO8InpwT3KXrADzbGb6otkSo4vA8C0fq+IqNi2KJ9R
FYtGKDvFnvp90iAn1fDqT7jXiNkKpDdp9CPBsHbIHS/XgpAiZqdCD eaXOwCg6uvt
2ZJhPyNNPzWuux63zx5HZXsEAIb6CXLwch38vsDt8Big4XRWpBOUtUTQZlxd6XSt
U9pdSY0WBnzFjtA4ahSnZ aLoHjs5/kyjv1z/H1MuDstcZ8AnkoINWnT1ozviPiup
T8mWS15NYCSj46Oqc/ztrNeyhPFOhXg6ZxNEY/4zM9vqSz+F+pIZu0F OVKKFdVVq
w/YCBACHWjrtl2uAmVhbOCRc9hQz9sNbkk9F+OWgKcrEJliXmCcXDQRfhQ3JN1FH
EleuapuUFTV7Wke+IkNjP5C fwRWmIQTgWKpHPOef1K6YgRr+bhPJjXMiRjXRuBUm
OvngPsbZgb0MS2Ajy/3bmLMUijKZmNjrlmyPC1eYjWSbJXRh17QpUm9ia W4gU21p
dGggKGdlbnVzZSkgPGZ1ZWdvNDUxQGdtYWlsLmNvbT6IYAQTEQIAIAUCR1scTQIb
IwYLCQgHAwIEFQIIAwQWAgMBA h4BAheAAAoJEDyNrB0qhmTxT3UAnRs/tDQi8KFQ
DAeBDYN1UzcenWvJAKCKsgrsCg0/QoGFTmYht7eipK3aD7kBDQRHWxxQEAQ AlYAr
WXRkbfMgmWI3UljoMSQpkGB0x3ZPqjC/gExzrXVlGeTBm3C40mg0oFZrNHKlWMCi
smt3oVyEwOrP9ngeUnunk2PddxK dznw9gRGQjzByDgXwd2oQtJiL94l5Jy76KZfX
bHdPZl8Y67thCgSMCO4pvWKZuAkllW8EvXFv7XsAAwUD+gOJKZsHPpCXCtPi7 1Fy
Fe6+NyHZI1Sb/cXIQtCShHeciKihuDIcUqCyEEqFEBzm5f8H6Axny01tUe0Y/01Z
wDuTVJB2wTIHO9G0JAuSuUWsD3Pgc wX8ALMhm+9eoym4vcaI9WY3zg7hQiijH1p2
2+4QKvHNvcJ7VW6tVAja4/UYiEkEGBECAAkFAkdbHFACGwwACgkQPI2sHSqGZPG R
ZwCdH73m8BnlmJM8BsSwKNLFR69+g+0AmwaFSaIQOSAqCtyzTM0KuTCW0OsT
=NlOY
-----END PGP PUBLIC KEY BLOCK-----
[ link to this | view in chronology ]
Bush also ..
[ link to this | view in chronology ]
Re: Bush also ..
[ link to this | view in chronology ]
Re: Bush also ..
Oh, and he hates puppies, too.
[ link to this | view in chronology ]
Combination locks
The difference between a safe combination lock and a digital private key is that a safe's lock can be circumvented in a reasonable timeframe. A digital private key encrypted with a strong passphrase and nonreversible encryption, not so much.
[ link to this | view in chronology ]
Re: Combination locks
> to your combination lock because that would
> require an utterance
An utterance isn't the standard involved. It's well-established in consitutional law that requiring people to participate in voice line-ups and/or provide vocal samples for technical analysis does not violate the 5th Amendment, even though such things require an utterance.
The difference is that a voice sample is not testimonial. The police aren't using what you say as evidence. They're using the unique qualities of your voice as evidence, just like they would fingerprints. The words are irrelevant, hence constitutional.
[ link to this | view in chronology ]
Re: Re: Combination locks
[ link to this | view in chronology ]
RE: Your Encryption Key Is Protected By The Consti
[ link to this | view in chronology ]
Lock Combo
[ link to this | view in chronology ]
Testifying
[ link to this | view in chronology ]
Consitiution
If you had any understanding of the military in their constitutional role you would not be posting such blather.
The military is not a political organization, it does not make decisions with regard to constitutional issues. That is the role of the SC. The Military was placed under control of civilians, subordinate to duly elected officials.
To complain about your elected officials is your 1st amendment right. To advocate the violent overthrow of the government is sedition.
[ link to this | view in chronology ]
Testifying
The twist on that is the password itself is not incriminating, but the files that it opens may be. So is the pwd protected or not?
For the SC to decide.
[ link to this | view in chronology ]
Re: Testifying
[ link to this | view in chronology ]
Sedition
[ link to this | view in chronology ]
save evidence until a supercomputer cracks it
[ link to this | view in chronology ]
Compelled Production of Passwords
[ link to this | view in chronology ]
Re: Compelled Production of Passwords
"Being a cop myself, I nevertheless tend to side with the judge on this one. People shouldn’t have to help the government make a case against them. Besides, this is just like trying to compel someone to produce a voice sample— what happens if the court orders him to produce the password and he still refuses? Hold him in contempt? Big deal. If he’s facing 10 years on a child porn charge and he knows that if he produces the password, they’ll have the evidence to convict him, a few months in the local jail on a contempt charge is by far the better deal."
Plus not be labeled as a pedophile, in this case anyhow. Should of used Truecrypt. Wouldn't even get to the point of an arrest, much less contempt, or an actual conviction. This is from truecrypts Documentation:
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.
The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.
http://www.truecrypt.org/docs/
under
Plausible Deniability
Hidden Volume
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re 21 Citations & 22 BTR
Google is a wonderful thing.
Its so easy to use, you should try it sometime.
But there you go.
3 different times he mentioned it (one was off handed joking but saying it other times you gotta wonder).
Feel free to puruse these as well.
http://politicalhumor.about.com/library/blbushisms.htm
[ link to this | view in chronology ]
[ link to this | view in chronology ]
cryptographic protection
[ link to this | view in chronology ]
Re: cryptographic protection
Who is to say that MS doesn't have a means of breaking the code and handing over the info to whoever requests it?
When I read their licenses, it sounds to me that is exactly what they have the "right" to do with software you license from them and the information they gather from you.
I think if it comes down to real security, I'm going with an OSS solution. At least I can look through the code for anything that looks like a backdoor or skeleton key.
This kind of goes back to the companies that forget or ignore the governments keyloggers and trojans in their security software.
[ link to this | view in chronology ]
Re: cryptographic protection
[ link to this | view in chronology ]
Encryption: heh
On a side note: what if you work in a security concious environment that requires any VPN users to use PGP for files directly related to their job, and in that case should the government get an injunction to decrypt said cryptainer, at that point you are protecting your company and it's assets regardless of what else is encrypted.
[ link to this | view in chronology ]
Re: cryptographic protection
Nunya's got it right -- software that hasn't been independently peer-reviewed can't be trusted to perform any functions, let alone security-critical ones such as encryption. As we've seen (over and over and over again), it's very difficult to implement correctly-functioning software even with enormous amounts of peer review; without it, it's hopeless.
My way of explaining this is "closed-source is faith-based security".
[ link to this | view in chronology ]
Specifics of the case
Note that the CP was observed by a an official BEFORE the cryto kicked in. That may or may not be the deciding factor.
The SC has a tendency to decide on very narrow grounds, the days of the warren court are long gone. No penumbras likely to be found here.
[ link to this | view in chronology ]
In Soviet Union...
Let's pretend that you are a political dissident in China. You have been caught sending seditious PGP-encrypted messages to people outside of the country (how do we know they are seditious? Because they are encrypted, of course.) We brutally pull you into detention and check your hard drive. Lo and behold, you have further encrypted files on your hard drive! Incredible! Treason! Now, let's just pretend that the Chinese government magically gets something like the 5th Amendment, the Supreme Court, and something approaching the rule of law.
How would any citizen of any country react to this situation? Wouldn't we be outraged that a citizen was being oppressed for "possible crimes against the state"? Crimes that could not be proven, except by torturing the secret key out of the person? Stop me when this starts to sound familiar.
See, PGP was not created for the express purpose of hiding the communications of people in Burma and China, exclusively. Any political dissident, anyone with an opinion contrary to the opinions held by those currently in power, and basically anyone who values his/her privacy, has the right to encrypt.
If the government has independent proof that I or anyone else has committed a crime, let the government present that evidence. Seizing and fishing through a laptop is a cop-out. It's lazy police work. If a crime has been committed, and anyone is arrested in connection to that crime, you'd better have great evidence that connects this crime to this person. Otherwise, you have to let that person go.
Sorry, but your person is a better criminal than you are a cop. You'll just have to catch that person when they commit their next crime. Sounds harsh? So does false imprisonment, and holding political prisoners. The U.S. criminal justice system was originally set up so that it was given that some criminals would go free. As long as no innocent person was placed in prison, this was considered an acceptable price. Now, with our "Law and Order" folks running around, the balance has shifted. Now, you're "guilty until proven innocent" and even then, you're innocent only if you can afford an expensive lawyer.
You absolutely have the right to remain silent. There is no God or Government that can compel you to speak. If they use torture, coercion, "harsh methods" of any sort, you've just proven that the authorities have zero moral (and legal) legitimacy. Also, you can just claim that you forgot your password. Hey, the "I don't remember" excuse worked for Reagan. Turns out he, at least, was telling the truth.
[ link to this | view in chronology ]
The "I Don't Remember"
Very well said Shun.
I agree with your argument.
[ link to this | view in chronology ]
Encrypted Corporate Hard Drive
[ link to this | view in chronology ]
George W. Bush committed hate crimes of epic proportions and with the stench of terrorism (indicated in my blog).
George W. Bush did in fact commit innumerable hate crimes.
And I do solemnly swear by Almighty God that George W. Bush committed other hate crimes of epic proportions and with the stench of terrorism which I am not at liberty to mention.
Many people know what Bush did.
And many people will know what Bush did—even to the end of the world.
Bush was absolute evil.
Bush is now like a fugitive from justice.
Bush is a psychological prisoner.
Bush has a lot to worry about.
Bush can technically be prosecuted for hate crimes at any time.
In any case, Bush will go down in history in infamy.
Submitted by Andrew Yu-Jen Wang
B.S., Summa Cum Laude, 1996
Messiah College, Grantham, PA
Lower Merion High School, Ardmore, PA, 1993
“GEORGE W. BUSH IS THE WORST PRESIDENT IN U.S. HISTORY” BLOG OF ANDREW YU-JEN WANG
______________________
I am not sure where I had read it before, but anyway, it is a linguistically excellent statement, and it goes kind of like this: “If only it were possible to ban invention that bottled up memories so they never got stale and faded.” Oh wait—off the top of my head—I think the quotation came from my Lower Merion High School yearbook.
[ link to this | view in chronology ]
[ link to this | view in chronology ]