DOJ Asks DC Court To Compel Decryption Of Device Seized In A Capitol Raid Case
from the be-careful-what-you-ask-for dept
The DOJ is testing some waters it may not want to be troubling, not with hundreds of prosecutions stemming from the January 6 Capitol raid on the docket. It has asked the DC court to compel a defendant to decrypt his laptop so the FBI can search it for evidence. (h/t Marcy Wheeler)
The government is seeking an All Writs Act order [PDF] forcing the alleged device owner to unlock the device using either his face or his passcode.
The government respectfully moves for an order compelling the defendant to produce a critical piece of evidence – his Microsoft Surface Pro laptop computer – in an unencrypted state. The government proposes a two-step process: First, the defendant should be ordered to place his face in front of the computer’s camera, so that the computer can be biometrically unlocked. Second, if the biometric attempt does not unlock the computer, the defendant should be ordered to type his passcode or PIN into the computer.
Having failed to obtain consent, the government is now hoping to achieve this by force. This isn't a particularly wise idea considering how many cases it's currently juggling in this circuit. If the court decides this violates the Fifth Amendment, it may negatively affect other prosecutions involving secured devices.
The government argues there's no Fifth Amendment issue here.
The requested relief would not violate the defendant’s Fourth or Fifth Amendment rights. With respect to the Fourth Amendment, there is only minimal intrusion on the defendant’s privacy, and there is probable cause that the defendant’s face can unlock the Subject Device (and lead to the recovery of relevant evidence). With respect to the Fifth Amendment, Reffitt’s entering his password into the Subject Device does not violate his privilege against self-incrimination, because his act of production would not be testimonial, since the only potentially testimonial component implicit in his act of producing the unlocked/unencrypted device is a foregone conclusion.
This will come down to what the court feels the phrase "foregone conclusion" actually means. While the act itself (either presenting biometrics or providing a passcode) isn't necessarily testimonial, it does give the government access to evidence that might be used against the person being compelled to grant access to this information. At least one court has found that entering passwords and providing evidence are basically the same thing, since the former naturally leads to the latter. The government has no interest in the password, even though that's what it is seeking to compel. It's interested in what having that password entered will provide.
If the only foregone conclusion the government needs to have in its possession is who owns the computer, obviously compelled decryption will help establish ownership. The government appears to know whose computer it is. The Surface Pro targeted by the proposed order displays the name of the defendant (Guy Reffitt) on the screen when opened. And, despite Reffitt (initially) telling investigators otherwise, one of Reffitt's family members confirmed it belonged to the defendant.
Having that much information on hand might be enough to compel decryption if the court decides the only foregone conclusion the government needs to reach is the most likely owner of the device it's seeking to unlock. But if the foregone conclusion bar is set higher -- a likely source of criminal evidence -- things will get much more difficult for the government.
The government is basing this request on the theory that recordings captured at the Capitol by the suspect's helmet-mounted camera were moved to the laptop for storage prior to their deletion from the camera. However, the government seized multiple devices from the defendant's home, including three phones, two other laptops, and one desktop computer. Most of those have been searched already and determined not to hold any relevant data.
The government is assuming -- based on statements by family members who viewed recordings on that device -- that's where the recordings it is seeking are now located. But it won't know this until after it performs a search. And it can't perform a search until the device is unlocked. This assumption is credible, but the files could have been uploaded to the cloud and viewed on the device, which means the files the government concludes (in a foregone way) must reside on the laptop possibly aren't actually there.
If the court decides the government doesn't have more than a hunch at this point, it may deny this order. And it may decide to lay down some Fifth Amendment ground rules that eliminate compelled production as an option. This is a roll of the Constitutional dice the government may later regret -- a rerun of its failure to compel decryption assistance in the San Bernardino case. But if it goes the other way, it will become that much easier for the government to pursue prosecutions in a district that handles an outsized portion of the DOJ's cases.
Filed Under: 4th amendment, 5th amendment, all writs act, decryption, doj, encryption, facial recognition, january 6th, unlocking
Reader Comments
Having it both ways
As noted, the point of compelled decryption is not the password, it's what the password allows access to, something that should always be the first consideration for cases like this when it comes to the fifth.
The government wouldn't be asking for forced decryption if they didn't think that what was on the device wouldn't be of use for them, and given this is a prosecution the use is pretty obviously against the person who would be decrypting the device so the idea that this wouldn't involve self-incrimination is an idea that really doesn't hold up as they are trying to force the defendant to provide potentially self-incriminating evidence that the government doesn't currently possess.
[ link to this | view in thread ]
1 more step
Just another step.
[ link to this | view in thread ]
Unless the government already has the video they desire and is certain that another copy of that video resides on that computer, then "foregone conclusion" isn't valid. I will agree that it's a "foregone conclusion" about who owns the computer. But as others have already said, the government doesn't actually care about the password. The government is more concerned about the pool that's locked up and wants the pool unlocked so it can go fishing.
[ link to this | view in thread ]
I suppose there's an interesting reason why the government can't take a HD photo of the defendant and put it on a poster in front of the computer as they turn it on.
[ link to this | view in thread ]
I'm sorry, what? What kind of stuff is that guy smoking, because I'm almost sure there is as much or more personal information on that laptop than he might have on his phone.
[ link to this | view in thread ]
Re:
True, but seizure of, say, a locked file cabinet has been legally do-able for decades.
What, fundamentally, is the difference between a computer password and a combo lock combination?
[ link to this | view in thread ]
Re: Re:
The fundamental difference is who is unlocking it. Your file cabinet analogy fails because the government can open the file cabinet (ie forcing the lock open, cutting it off, hiring a locksmith, etc...) without the defendant doing it for them.
[ link to this | view in thread ]
Dead horses and already settled law?
I thought that the basics of this issue had been settled long ago: That one can be compelled to produce something one has, like a key, a fingerprint, or their face, but that one cannot be compelled to produce something that one knows, like a safe combination, computer password, or encryption key.
This has always been the reason given for making sure your phone (or computer, or whatever) cannot be unlocked with biometrics alone if you want to have any chance at all of the government not being able to access its contents.
Of course, if the government can get into your safe, phone, computer, or whatever without the combination or password, etc, you are still out of luck, but at least the combination lock or password protection add a degree of difficulty to the task.
Isn't this just another example of the government trying to breathe new life into a long dead horse, and hoping no one will notice the horse's miraculous recovery?
[ link to this | view in thread ]
Re: Dead horses and already settled law?
The government doesn't believe in already settled law unless it helps them.
[ link to this | view in thread ]
Re: Having it both ways
Perhaps having it only one way is the goal in this case?
If the family members have testified or given evidence that the videos WERE ON the device, perhaps the gubbment is trying to prove that they are NO LONGER on the device so they can charge the person with destruction of evidence.
It is not often WHAT YOU DID that they get you for, but WHAT THEY CAN GET YOU FOR that they end up getting you for...
[ link to this | view in thread ]
Re: Dead horses and already settled law?
IIRC, there have been cases that have gone different ways on this. I don't think SCOTUS has settled the debate, yet.
[ link to this | view in thread ]
It seems to me that making someone provide a password to access a computer would not violate the 5th. Forcing a defendant to tell them what files they have on the computer would be a different story. This should be an interesting test case, if it gets that far.
[ link to this | view in thread ]
Re:
It seems to me that making someone provide a password to access a computer would not violate the 5th.
If the device has potentially incriminating evidence that the government doesn't already have I don't see how it wouldn't be a violation, as you're forcing someone to provide evidence that will be used to incriminate them, that it might take one extra step really doesn't change the underlying act.
Forcing a defendant to tell them what files they have on the computer would be a different story.
The two are effectively indistinguishable though, whether you tell someone or not what's on your computer if you give them access to it they can find out themselves, the only real difference is time so if you're against the latter you really shouldn't be in favor of the former either.
[ link to this | view in thread ]
Re: Re:
I'd imagine it to be something on the order of 256 bits versus 5 bits (tumbler pins). Thank you, I'll be here all week. Try the veal!
[ link to this | view in thread ]
Re: Re: Re:
No, the locked file cabinet still has the same protections - it needs a warrant of compulsion, too. Even if most folks don't keep their personal lives in the filing cabinet (they more often used a Rolodex... look it up), there is still the bit about privacy that's pretty much set in stone, aka 4A and 5A.
[ link to this | view in thread ]
LUKS Nuke
It's a bit out of date but there is a patch for LUKS encryption (Linux) that will add a 'nuke' password. If you enter the nuke password at the PW prompt the encrypted keys held in secret keyslots are deleted and unless you have a backup of the keys it can never be decrypted.
Before anyone goes off and does this, be warned: LUKS stores the keys in a location known only to the system. On an SSD, sometimes the drive moves data around to different locations transparently. If the drive moves a key to a new location, you're screwed. That's why I quit using LUKS, period.
[ link to this | view in thread ]
That proves why you need to use "booby trap" mode, if available
This is so that if there are too many failed password attempts, the device wipes itself and resets.
That is what I have my phones set to, as part of "insane cop proof mode"
There is no criminal statute you can be prosecuted under if they make too many failed password attempts and the device wipes itself. If they trigger the auto-wipe because there are too many failed password attempts, they are just SOL.
There is no law in any of Mexico's 31 states, America's 50 states, Canada's 14 provinces, or at the federal level in those countries you can be prosecuted under if the cops cause a wipe and reset if they make too many failed password attempts.
If your device has a "booby trap" function, use it!!
[ link to this | view in thread ]
Re: Having it both ways
"The government wouldn't be asking for forced decryption if they didn't think that what was on the device wouldn't be of use for them..."
Although the general trend of your argument is right, this particular sentence isn't. The DoJ helmed so long by Bill Barr will look at a person and decide that since he's wearing pants he must have something to hide. And that a refusal to strip must mean he has tattooed the detailed plans of overthrowing the government on his dick.
[ link to this | view in thread ]
Re: LUKS Nuke
"...If the drive moves a key to a new location, you're screwed."
The default SSD method of mitigating data storage degradation may end up bricking it? This sounds like a sign of bad implementation on Y2K levels of fail.
[ link to this | view in thread ]
Re: Re: Having it both ways
But in either case, the government is asking for something it doesn't have via the defendant in essence incriminating himself.
[ link to this | view in thread ]
Re:
Sounds good right up until the cops figure out what you did and charge you with destruction of evidence in an effort to make new case law against your "insane cop proof mode".
[ link to this | view in thread ]
Re: Re:
Also, they usually work off a forensic copy of the data. So if they accidentally trigger the nuke they can just make another copy of the original and keep going.
[ link to this | view in thread ]
Re: LUKS Nuke
Only do that if the penalty for what you would be convicted for is worse than the penalty for destruction of evidence.
[ link to this | view in thread ]