Once Again, Courts Struggle With Whether Or Not Forcing You To Decrypt Your Computer Is Unconstitutional
from the back-and-forth dept
For years, courts have gone back and forth over whether or not it's a 5th Amendment violation to force someone to decrypt their computer hard drives. Some have noted that it is a form of self-incrimination, and thus cannot be required, but others have ruled the other way. Not surprisingly, the Justice Department thinks there's no Constitutional issue and that judges should regularly require decryption.
This issue is getting lots of attention yet again, as a judge recently ruled that a guy accused of child porn had to decrypt his hard drives, while another judge quickly reversed that order, noting that the 5th Amendment issues hadn't been properly briefed, and ordering the parties to present their arguments on the 5th Amendment issue before the court would make a final decision. This case alone has gone back and forth a few times, with the magistrate judge initially saying that the 5th Amendment forbade the decryption order, but then changing his mind, only to then step aside and let the other judge put things on hold for a bit.
This issue is going to come up again and again, and you know that eventually the Supreme Court will have to weigh in. In the meantime, it'll be interesting to see how these cases play out. In this case, part of the reason why the magistrate ordered the decryption was that law enforcement had cracked one of the hard drives themselves, and claimed to have found evidence of child porn. The judge felt that provided enough evidence to require that the other drives be decrypted, since, before that, part of the argument had been that there hadn't been enough evidence to require the decryption. Honestly, it seems like the fact that the feds decrypted the drive themselves actually gives more weight to the flip side of the argument: the feds have other ways of getting evidence that don't require forcing someone to decrypt their own hard drives. There's nothing wrong with using legally obtained evidence of a crime against someone -- but forcing them to build their own case against themselves is certainly a big Constitutional no-no.
Filed Under: 5th amendment, encryption
Reader Comments
Re:
This is different. If the courts keep ruling that people have to incriminate themselves then people will keep on refusing to obey the court orders, or appealing on grounds of self incrimination. Even a Supreme Court ruling saying they can make you incriminate yourself won't end this.
The only way this issue can be settled for good is to rule it a violation of the 5th amendment. Much as a lot of the judges on the courts are complete idiots, I think enough of them will see this and rule the right way.
[ link to this | view in chronology ]
Re: Re:
A fringe of wacko academics, in the wake of the waterboarding news, have ever since strenuously argued for “torture warrants.”
I just called 'em a fringe of wacko academics, but —sorry— they're really respected conservative thinkers and jurists.
That's where we're headed: Torture warrants.
[ link to this | view in chronology ]
Where hearts were entertaining june...
I just called 'em a fringe of wacko academics, but —sorry— they're really respected conservative thinkers and jurists.
I understand this concern on behalf of the taxpayers. People want value for money. That's why we always insist on the principle of Information Retrieval charges. It's absolutely right and fair that those found guilty should pay for their periods of detention and the Information Retrieval procedures used in their interrogations.
[ link to this | view in chronology ]
Another issue
[ link to this | view in chronology ]
Re: Another issue
[ link to this | view in chronology ]
/troll
[ link to this | view in chronology ]
You've omitted -- or don't understand -- a severe complication.
I still hold that this is forced testimony. But it's become dicey. Also, can't overlook that DOJ has probable cause here because an agent claims to have seen CP before the drive was turned off.
[ link to this | view in chronology ]
Re: You've omitted -- or don't understand -- a severe complication.
That's the DOJ's problem - if they want the information bad enough (read: it's worth it), then they have the means to *try* and decrypt it.
I disagree that it's dicey - it's just become inconvenient for law enforcement to have to do any REAL work lately. It's much easier to compel people to prosecute themselves.
[ link to this | view in chronology ]
Re: You've omitted -- or don't understand -- a severe complication.
[ link to this | view in chronology ]
Re: Re: You've omitted -- or don't understand -- a severe complication.
[ link to this | view in chronology ]
Re: You've omitted -- or don't understand -- a severe complication.
That's not what I'm reading in the April 5th, 2013 Affidavit of Special Agent Brett E. Banner.
Perhaps you can provide a source for your assertion?
[ link to this | view in chronology ]
Re: You've omitted -- or don't understand -- a severe complication.
People lie. Hearsay should never be part of any real prosecution; they should show the evidence. It could have been God saying he saw it and I still would want to see the evidence.
[ link to this | view in chronology ]
Re: You've omitted -- or don't understand -- a severe complication.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Decryption
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Incriminate Yourself
The analogy I would use is a court order demanding you take the police to the place where you buried some evidence in the drive from Denver to Chicago. Simply disclosing the fact that you know that specific information is additional incriminating evidence they can point to in court; the court cannot force a defendant to reveal what they alone know, it is essentially revealing the content of their mind - basically self-incrimination.
The fact that the evidence revealed is physical (4th Amendment) evidence, even if legitimately subpoenaed, does not seem to me to be good enough. Requiring you to incriminate yourself to deliver it is violating the 5th amendment.
Asking the defendant to decrypt the drive in a private setting does not detract from the action - he alone went into the room with an encrypted drive, he alone came out with a decrypted drive. This is no different than being required to divulge the password, basically self-incriminating testimony. (In fact, I assume a decrypted drive sitting open permits capture of the password.)
[ link to this | view in chronology ]
Re: Incriminate Yourself
It normally does allow a better chance to capture a password but even more so it allows you to capture the un-encrypted data available in that session and within memory.
This is why ALL LEOs who have been briefed properly about digital evidence are told DO NOT ALLOW DEVICES TO BE SWITCHED TO AN ALTERNATE STATE, i.e.: If On .. DO NOT TURN OFF and vice versa.
Also, interestingly, there are now double blind encryption systems that accept multiple passwords/keys, and only one will actually decrypt REAL data; the others either decrypt dummy data whilst destroying the real data. Now that's problematic.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
No, it's way more than that. They do not have the ability to decrypt the other drives. The reason they were able to decrypt the one they did is because they somehow acquired the decryption key. Barring some heretofore undiscovered flaw in the AES encryption algorithm, trying to brute force decrypt a 256 bit AES encrypted volume is quite literally impossible (and that's even the correct use of 'literally'). For the why of this I'm going to steal a link from reddit that is in turn an explanation stolen from Bruce Schneier from his book Applied Cryptography.
http://www.reddit.com/r/technology/comments/1foo16/judge_grants_emergency_injunction_overruling_a/cacj8ye
The short version is, even if you could build a hypothetical "perfect" computer, and if you could extract all the energy of a very large star (much much larger than our own), it would still not be enough to cycle through all 2^256 possible encryption keys. You could only make it to about 2^219, which, despite being a very large number, is nevertheless a tiny tiny tiny fraction of 2^256.
In short, the only way the feds are getting into those other drives is if they somehow get their hands on the key, or convince the accused to decrypt the drive.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
I'm not assuming anything, I'm talking about the specific case of attempting to do a pure brute force attack against a 256 bit AES encrypted data set.
The reality is that yes, there are a lot of very clever techniques that could be used to search a vastly reduced keyspace, but there is no guarantee that the key will be found in that keyspace. It's speculation based on knowledge of human behavior that the key is probably not truly secure.
Nevertheless, as long as it is reasonably secure and so long as the investigators have no additional information to aid them in guessing the key, the point stands that it is impossible to crack the encryption. If they do have additional information that would aid them in guessing the key then that is an entirely different use case.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
So here's the thing I don't understand, I'd think it would be rather trivial, if not a bit weird, to set up a decryption key that would actually rewrite stuff on your hard drive.
Like use your secret "The cops are watching!!" password to replace all your files with other harmless files... Or something far more clever than that, I don't know... something to destroy evidence while making it look like you didn't.
They don't know what the files are. How would they know how much, if any, were destroyed when you "decrypted" the hard drive?
[ link to this | view in chronology ]
Re:
Some encryption software does offer "Plausible Deniability" which is a very similar concept to what you propose.
One method being two keys, one opens up your secret content the other key opens up pictures of lolcats. When your adversary forces you to decrypt just give them the lolcats key.
http://www.truecrypt.org/docs/plausible-deniability
[ link to this | view in chronology ]
Gotta go with the 3 layer AES-Twofish-Blowfish, or if you're super paranoid go for the One time pass, if you have access to truly random number generation. Use LOOOOONG passwords.
[ link to this | view in chronology ]
So it's a punishable offense for me to circumvent Crapple's iPhone security in order to switch carriers but it's perfectly legal for the FBI to circumvent the protection measures in place on my hard drive?
When data is encrypted it is not "hidden", it's changed. The original plain text data probably no longer exists. The bits of data are essentially scrambled and randomized by a process that can be reversed with the correct key. So technically, the CP image wouldn't actually exist on the drive in question until the data is decrypted.
What if he says he "forgot" the password (or what if he really did)? You can't be held accountable for not doing something you are unable to do.
[ link to this | view in chronology ]
Could very well be different decryption schemes
I wonder what the prosecutor would do if someone did decrypt a drive under duress and it turned out to have nothing but gobbledegook, or 500,000 identical pictures of a unicorn or something. Would they charge the accused with destroying evidence?
[ link to this | view in chronology ]
Re: Could very well be different decryption schemes
Also, if they are claiming a login password as encryption, I can provide a number of Linux live CDs/DVDs that probably would allow access to the data.
[ link to this | view in chronology ]
Re: Re: Could very well be different decryption schemes
Most likely is that the drive they were able to de-crypt was because they either discovered a password written somewhere, or perhaps because a 'dictionary word' was used as the password, or they simply got lucky brute forcing.
The Linux CDs you are talking about generally rely on rainbow tables, they may or may not work,
[ link to this | view in chronology ]
Re: Could very well be different decryption schemes
[ link to this | view in chronology ]
After all, they didn't have authorization to decrypt the hard drive...
Hmmm...
[ link to this | view in chronology ]
Wall safe/warrant?
[ link to this | view in chronology ]
Re: Wall safe/warrant?
A better analogy is:
"Tell us where you hid the body or go to jail until you do tell us"
You can not prove someone knows where the dead body is nor can you prove he knows the encryption key.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
A good example would be someone who runs a tor relay gets raided. Then they refuse to decrypt because they have some pirated movies and software.
The logical thing to do would be to give them immunity on anything that is not child porn related.
This would be for someone that actually did not use a hidden volume. If encrypted correctly with hidden volumes or even a hidden os there is actually no way to tell if there may be more.
The truth is, even as bad as CP is, it cannot trump a person's birthrights.
[ link to this | view in chronology ]
do they really need more evidence?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The best thing to do
[ link to this | view in chronology ]