I blogged a lot about this topic a few years ago when the Boucher case was pending; although an appeal was filed in that case in the First Circuit, the appeal was dropped so the appellate court never decided it. In any event, several readers point me to a new decision on the topic, United States v. Fricosu, out of the District of Colorado.
Based on a quick read of the opinion, the legal analysis in the Fricosu opinion is not a model of clarity. But it strikes me as a replay of the district court decision in Boucher: The Court ends up ordering the defendant to decrypt the hard drive, but only because the court made a factual finding that in this specific case, the government already knew the information that could be incriminating — and as a result, it was a “foregone conclusion” that dissipated the Fifth Amendment privilege.
If I’m reading Fricosu correctly, the Court is not saying that there is no Fifth Amendment privilege against being forced to divulge a password. Rather, the Court is saying that the Fifth Amendment privilege can’t be asserted in a specific case where it is known based on the facts of the case that the computer belongs to the suspect and the suspect knows the password. Because the only incriminating message of being forced to decrypt the password — that the suspect has control over the computer — is already known, it is a “foregone conclusion” and the Fifth Amendment privilege cannot block the government’s application.
UPDATE: A reader asks what happens if a person refuses to comply with the order or claims to have forgotten the password. Here’s the Second Circuit’s summary of the law in In re Weiss, 703 F.2d 653 (2d Cir. 1983):
Testimonial obduracy by a witness who has been ordered by the court to answer questions may take any of a number of forms. The witness may refuse categorically to answer. Or he may respond in a way that avoids providing information, as, for example, by denying memory of the events under inquiry, denying acquaintance with targets of the inquiry, or denying knowledge of facts sought to be elicited. Or he may purport to state informative facts in response to the questions while in fact testifying falsely.
Any of these three forms of obduracy may be met with the imposition of one or more judicial or governmental sanctions. For example, when the witness has refused to answer questions, he may be adjudged in civil contempt and ordered to answer, e.g., Shillitani v. United States, supra, 384 U.S. at 370, 86 S.Ct. at 1535; In re Grand Jury Investigation of Giancana, 352 F.2d 921 (7th Cir.), cert. denied, 382 U.S. 959, 86 S.Ct. 437, 15 L.Ed.2d 362 (1965); or he may be adjudged in criminal contempt and punished for his past failure to answer, e.g., Brown v. United States, 356 U.S. 148, 78 S.Ct. 622, 2 L.Ed.2d 589 (1958). In some cases both coercive and punitive sanctions have been imposed. See, e.g., Yates v. United States, 355 U.S. 66, 74, 78 S.Ct. 128, 133, 2 L.Ed.2d 95 (1957); United States v. Petito, 671 F.2d 68 (2d Cir.1982); In re Irving, supra.
If the witness has responded falsely to the questions propounded, he may be subject to prosecution for a criminal offense in violation of, e.g., 18 U.S.C. § 1621 (perjury), or 18 U.S.C. § 1623 (false declarations before grand jury or court). If the witness’s false testimony has obstructed the court in the performance of its duty, the witness may be met with sanctions for civil contempt, see Ex parte Hudgings, 249 U.S. 378, 383, 39 S.Ct. 337, 339, 63 L.Ed. 656 (1919), or criminal contempt, see In re Michael, 326 U.S. 224, 227-29, 66 S.Ct. 78, 79-80, 90 L.Ed. 30 (1945).
The middle category of testimonial obduracy, i.e., the witness’s equivocal responses or disclaimers of knowledge or memory, has also been dealt with as contemptuous conduct, warranting sanctions that were coercive, punitive, or both. It has long been the practice of courts viewing such testimony as false and intentionally evasive, and as a sham or subterfuge that purposely avoids giving responsive answers, to ignore the form of the response and treat the witness as having refused to answer. See, e.g., In re Schulman, 167 F. 237 (S.D.N.Y.1909), aff’d, 177 F. 191 (2d Cir.1910); United States v. Appel, 211 F. 495 (S.D.N.Y.1913); United States v. McGovern, 60 F.2d 880, 889 (2d Cir.), cert. denied, 287 U.S. 650, 53 S.Ct. 96, 77 L.Ed. 561 (1932); Schleier v. United States, 72 F.2d 414 (2d Cir.), cert. denied, 293 U.S. 607, 55 S.Ct. 123, 79 L.Ed. 697 (1934); In re Eskay, 122 F.2d 819 (3d Cir.1941); Howard v. United States, 182 F.2d 908 (8th Cir.), vacated and remanded as moot, 340 U.S. 898, 71 S.Ct. 278, 95 L.Ed. 651 (1950); Richardson v. United States, 273 F.2d 144 (8th Cir.1959); Martin-Trigona v. Gouletas, 634 F.2d 354, 357-59 (7th Cir.), cert. denied, 449 U.S. 1025, 101 S.Ct. 593, 66 L.Ed.2d 486 (1980); In re Battaglia, supra, 653 F.2d at 422; In re Bongiorno, supra.
In In re Schulman, for example, the district court found that a bankrupt’s repeated responses of “I don’t remember” and “What do you mean?” to questions concerning the disposition of his assets in the six months preceding his declaration of bankruptcy were disingenuous and evasive. The court thus construed the responses as refusals to answer and imposed a combination of civil and criminal contempt sanctions by ordering the witness imprisoned for six months, with the proviso that if the witness chose, after five days, to provide nonevasive answers, he would be released from prison. This Court affirmed, stating as follows:
The testimony as it appears in the record evinces a deliberate purpose to conceal the truth and prevent the trustee from becoming possessed of facts which would lead to a recovery of the missing property. The witness was being asked regarding transactions directly within his knowledge and facts which he must have known. When, therefore, he answered repeatedly “I don’t remember,” it is obvious that he was deliberately withholding information to which the trustee was entitled. In effect his attitude was one of defiance. He did not affirmatively tell the referee that he refused to disclose the facts which would enable the trustee to follow the property, although these facts were well known to him, but his conduct produced the same result as if he had stated his purpose openly.
177 F. at 193.
HBowman, MD says:
So, what if the person holding the password refuses? Or, forgets? What can the totalitarian courts do to punish the person for noncompliance?
[OK Comments: Read In re Weiss, 703 F.2d 653, 662-63 (2d Cir. 1983).]
January 24, 2012, 1:52 pm
Mike says:
I think the title has a typo. Either that or I need a better dictionary.
January 24, 2012, 2:01 pm
Jon says:
This does go further than Boucher, I believe. In the previous case, it was a foregone conclusion because authorities had already seen the contents of the drive. This is a more expansive interpretation of the foregone conclusion doctrine as applied to encryption cases. Yes?
January 24, 2012, 2:09 pm
mikeyes says:
Non-Lawyer question:
What happens if the “foregone conclusion” is wrong and there is no incriminating evidence on the drive pertaining to the case. The accused refuses to give the password because he does not want to incriminate himself. When the drive is opened by the geek squad child pornography is there instead. Is this evidence thrown out?
January 24, 2012, 2:19 pm
ShelbyC says:
But that’s not true. The government already has access to all the data on the hard drive. But they have to prove that the data, when a specific algorithm using a specific key is applied, are mathematically transformed into incriminating material. And providing the encryption key allows them to prove that.
January 24, 2012, 2:21 pm
Ala JD says:
It seems to me that knowing the password on an encrypted computer is differently incriminating than simply having the computer in one’s possession. Kind of like the former being actual possession of the encrypted files and the latter being constructive possession, requiring the state or government to produce additional evidence of possession or knowledge.
January 24, 2012, 2:31 pm
Houston Lawyer says:
I don’t see the difference between this and a court order requiring a defendant to produce a known murder weapon.
When I last used that computer, my password was ******. If that doesn’t work, I don’t know why.
January 24, 2012, 2:37 pm
Chris Rhodes says:
Sometimes I think it would be fun to test the bounds of rulings like this by using an old computer. Give it a 40-character password, encrypt the drive, set it up to run as a TOR exit node, then burn the paper with the password on it.
Then, when some jerk (inevitably) uses that exit node to download illegal materials and a SWAT team kicks in my door and seizes the equipment, tell them that “The password was about 40-characters of gibberish and started with the letter ‘a’, I think. Good luck!”
When the court, incredulous, asks me why in the world I would destroy the password to my own machine, tell them that I did it just to piss off the feds.
January 24, 2012, 2:50 pm
Crunchy Frog says:
The calculus is always going to be in favor of keeping your trap shut and fighting the contempt charge, unless you are damn sure that there is absolutely nothing on the machine.
Having a false password that reformats the hard drive is especially handy.
January 24, 2012, 2:51 pm
David N. says:
I’m not a lawyer, so perhaps you (or another commenter) can clarify for me — why does the government’s knowledge of the incriminating information dissipate the defendant’s Fifth Amendment privilege? Why couldn’t it be the case that while the government may think it knows all the incriminating information, it actually does not. For instance, let’s say there’s child pornography on the computer; unlocking it does establish ownership, as the government already knows, but it also provides evidence of a different crime. What criteria are used to assure that the government, in fact, knows all the incriminating information?
Additionally, if the government “knows” a certain piece of information (I assume, perhaps incorrectly, that “knows” here is synonymous with “provable in a court of law”) then why does it matter if the defendant cooperates or not?
It seems to me that either the government can prove in court that they already know the information, in which case her cooperation is unnecessary, or they cannot, in which case this is a violation of the defendant’s Fifth Amendment privilege; either way, nullifying the defendant’s Fifth Amendment privilege is unwarranted. Can someone explain what I’m missing?
January 24, 2012, 3:03 pm
PersonFromPorlock says:
Thereby inducing the “It’s not NICE to fool Mother Nature!” response. There have been remarkably few federal judges with the nickname “Chuckles.”
January 24, 2012, 3:05 pm
Henry Clay says:
I find the decision somewhat confusing. First, the judge states that the fifth amendment is not implicated here (an opinion I find bizarre, but so be it), but then argues later that the court can issue the writ because Ms. Fricosu has been granted immunity from prosecution related to the contents of the laptop.
I agree with @Jon above that this goes much further than Boucher. There’s no evidence here that the prosecution has the slightest clue what’s on this laptop.
January 24, 2012, 3:07 pm
PQuincy says:
Prof. Kerr states that the core point was that in “a specific case where it is known based on the facts of the case that the computer belongs to the suspect and the suspect knows the password. Because the only incriminating message of being forced to decrypt the password — that the suspect has control over the computer — is already known, it is a “foregone conclusion””
This is confusing: are you saying that the court maintained that the only ‘information’ in question for questions of 5th amendment privilege is whether ‘the suspect owns the computer and knows the password’? This would seem to imply that in any case where a known suspect’s computer was seized, there could be no protection against forcing decryption — since the owner of a computer routinely knows the password.
The way Prof. Kerr’s posting puts it, this decision effectively removes all 5th amendment protection based on the _contents_ of the hard drive. The possibility that the encrypted information is incriminating is irrelevant. And the password itself, not being incriminating in itself, is not privileged because of incrimination, and can be forced because it is known that the suspect knows it. Am I understanding the argument correctly? That seems odd (IANAL).
Are there related precedents for encoded documents on paper — which imply that the content of the encoded information itself is not relevant to 5th amendment privilege, only the question of forcing the suspect to reveal the key to the code?
January 24, 2012, 3:09 pm
Wake Up Little Susie says:
Having a false password that reformats the hard drive is especially handy.
On the civil side, if you spoliate evidence then the court gets to assume the worst about what was there before the spoliation.
January 24, 2012, 3:19 pm
PrometheeFeu says:
My first instinct is that it’s about right, but then again, it also seems a little weird. Here’s a hypothetical:
The case is a murder. You think that Bob has murdered Jon and hidden the body. You can’t find the body, but you’re pretty sure that if you did, you would find ample forensic evidence to convict Bob. Can you give immunity to Bob on him knowing the location of the body and then compel him to tell you where Jon’s body is?
My instinct says no. But then on the other hand, you’re not asking Bob to incriminate himself. He has immunity for his statement.
January 24, 2012, 3:23 pm
ShelbyC says:
It’s a mistake to view this in terms of “access” to the hard drive, since “access” is a metaphor. (e.g. “Its role is merely that it will let the police access whatever is on the hard drive” or “investigative agents were able to image and examine their contents” in the current opinion.) The government can already access all the information on the hard drive, the defendant is being forced to provide information on how to interpret the data in an incriminating manner.
To take a ridiculously simple example, suppose it is a crime to possess an image of a horizontal line. Somebody has a hard drive that has a file with three bytes, 5, 4, 5 on it. It also has a program that reads a file with three bytes, prompts the user for a passcode, performs an unchecked add on each of the bytes with the passcode, and renders the result on the screen as an 8×3 monochrome bitmap. The possessor of the hard drive is forced to reveal the passcode. If the passcode is 251, the government can prove he committed a crime. (To explain, the result would be 0, 255, 0, a row of blanks, a row of dots, and a row of blanks. If it is not 251, it is a legal image)
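The three-byte scheme from the comment above, worked through as an added illustration (it is not code from the post or from any commenter). The function names and the `#`/`.` rendering are assumptions; the stored bytes, the wrap-around add and the passcode 251 come from the comment.

```python
"""Added example: the toy 'unchecked add' scheme described in the comment."""

STORED = bytes([5, 4, 5])        # the three bytes on the drive (from the comment)
TARGET = bytes([0, 255, 0])      # blank row, full row, blank row (from the comment)


def apply_passcode(data: bytes, passcode: int) -> bytes:
    """Add a one-byte passcode to every byte, wrapping at 256 (unchecked add)."""
    return bytes((b + passcode) & 0xFF for b in data)


def render(rows: bytes) -> str:
    """Draw each byte as one 8-pixel row, most significant bit on the left."""
    return "\n".join(
        "".join("#" if byte & (0x80 >> bit) else "." for bit in range(8))
        for byte in rows
    )


def passcodes_yielding_target(data: bytes) -> list:
    """Try all 256 passcodes; keep those that produce exactly the target image."""
    return [k for k in range(256) if apply_passcode(data, k) == TARGET]


def count_distinct_images(data: bytes) -> int:
    """Number of different images the same stored bytes can be turned into."""
    return len({apply_passcode(data, k) for k in range(256)})


if __name__ == "__main__":
    # The stored bytes are readable by anyone holding the drive.
    print("stored bytes rendered as-is:")
    print(render(STORED))
    # Only the passcode fixes which of the candidate images they "are".
    print("with passcode 251:")
    print(render(apply_passcode(STORED, 251)))
    print("passcodes giving the target image:", passcodes_yielding_target(STORED))
    print("distinct candidate images:", count_distinct_images(STORED))
```

The same three bytes map to 256 different images, and the passcode is the only thing that selects the one the comment describes.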
January 24, 2012, 3:26 pm
anon says:
http://en.wikipedia.org/wiki/IronKey
Overview
IronKey manufactures a range of secure USB flash drives, including the IronKey S200 and IronKey D200, which come in three varieties (Basic, Personal, and Enterprise) in sizes ranging from 1 GB to 16 GB (up to 32 GB for the D200). The three versions differ primarily in the software included with them; there are also some hardware differences that prevent the end-user from converting one version to another. All three contain the same level of hardware encryption and are structured with two partitions: an unlocker partition with software handling locking and unlocking, and a secure area. The Basic model has no extra software and is targeted at government and military users, while the Personal includes a portable version of Mozilla Firefox, Identity Manager (an account/password management software), and Secure Sessions. The Enterprise model is intended for corporate and government environments, and is completely configurable by an administrator. As such, it can contain any or all of the software on the Personal edition, along with anti-malware software, RSA, and OTP software.
One of the key design features of the IronKey is a self-destruct mechanism which activates after the user enters his password incorrectly a certain number of consecutive times. On the Personal model ten times is the limit, and on the Enterprise model the count is configurable by the administrator, while the Basic model can be configured to disable this feature entirely. As a safety measure, the device is required to be unplugged and replugged after every three password attempts. After reaching the password limit, the device will delete its encryption keys and instigate a wear level pass on the drive, effectively making the device completely unusable.
A key differentiator of IronKey from software-based encryption solutions is that IronKey’s controller does not allow access to the user’s data before authentication, even in encrypted form. With a USB drive containing software-encrypted data, full access to the encrypted data is available immediately upon mounting. This allows offline brute-force attacks or cryptanalysis. Instead, with IronKey, the only attack surface available is giving the authentication interface different potential passwords. Because of the (also hardware-based) low limit on password attempts, this makes brute-forcing infeasible. Without getting access to the tamper-resistant hardware, an attacker cannot try hundreds of passwords, let alone the billions required to guess a moderately secure password.
January 24, 2012, 3:30 pm
lgv444 says:
My analogy would be a safe with a word coded electronic lock. If the police show up with a warrant to search the safe that is known to contain an unencrypted portable hard drive, would I be compelled to provide the verbal password? Or, if it were behind a padlocked door, would I be compelled to provide the lock combination that is in my head? Sure, they could always use bolt cutters if I refused, but is that the only reason we are having this discussion? Because we don’t have “bolt cutters” for a hard drive?
January 24, 2012, 3:33 pm
Roger says:
This doesn’t make much sense to me. Suppose the govt decides that it knows that the murder suspect has the info about where the body is buried, so it orders him to reveal the location. Can he refuse? What’s the difference?
January 24, 2012, 3:39 pm
ShelbyC says:
Oops. Forgot to link this quote to OK’s previous post here.
January 24, 2012, 3:42 pm
Matt says:
I think that it is also interesting to note that the defendants in Boucher and Fricosu were not compelled to divulge the password at all but rather were compelled to produce unencrypted copies of their hard drives.
January 24, 2012, 3:42 pm
Chris Rhodes says:
Anyone else having a problem where it shows your comment go through but then it doesn’t appear later when you come back?
January 24, 2012, 3:43 pm
anon says:
If I use an IronKey device that you know has 10 password tries until destruction,
Can you fine me if I give you passwords, just bad passwords? Can you throw me in jail *after* the data has been destroyed?
Can you charge me with obstruction of justice, or destruction of evidence?
I let LastPass Generate passwords for me, and enter them, I actually don’t know the passwords to many websites I visit (I do know my lastpass password)
LastPass loves generating passwords like this one:
MHLJNqJ1cielokro2i4Gl%@Oa8HCatK$
or this one:
CMYfsRCVwvN3&seW*Y#2udP!n*LCKsfUZXcsgPR6tEHV118JsyE1LbCA
January 24, 2012, 3:50 pm
great unknown says:
Interesting. If we ever get an honest DOJ, Rahm Emanuel could be in a heap of trouble regarding Solyndra – as one example out of many.
January 24, 2012, 3:51 pm
One Man's View says:
Orin
I think you are underreading the opinion (which I disagree with). In Boucher, they knew of the existence of the file and also knew something of the contents of the file from the prior observation of the pictures.
Here, as I read the opinion, they know that an encrypted file exists (from the phone conversation and from the discovery of a file name on the hard drive) but do not purport to rely on knowledge of the contents. This seems to me to stretch the rule quite a bit — since unless one conceals the file itself as a hidden file (and even that can be uncovered in some cases) the existence of an encrypted file will typically be evident from examination of the computer. IF knowing that an encrypted file exists is enough to compel the production of the password then the encryption protection is effectively nullified in all but the most unusual cases. This is a very broad decision, IMHO.
January 24, 2012, 3:51 pm
IForgotMyPassword says:
The whole thing is a farce. The best thing she could say would be “I keep trying my password but it isn’t working”. No way to prove she is lying.
January 24, 2012, 3:54 pm
SeaDrive says:
Not said here: Contrary to the wishes of the computer security experts, the prosecution & court agree that the suspect does not have the right to withhold evidence which has been subpoenaed. So, if the prosecution knows enough about what’s on the drive to get the subpoena, the suspect can’t block access by withholding the password. It all makes sense if you start with the notion that the court gets what it wants.
Possibly better: a setup with two passwords. One gives access to one sector, the other gives access to another.
January 24, 2012, 4:18 pm
Stephen Lathrop says:
Seems like encrypting my file would be something I would do if I wanted to enjoy an expectation of privacy.
January 24, 2012, 4:24 pm
Joe Kowalski says:
I recognized that a person who broadly claims to “not remember” their password would be in contempt, but what if the defendant played at complying, but none of the passwords produced worked? Something like:
Judge: Disclose the password for the encryption key here.
Defendant: Okay, I think it’s Ai6uU5AkBs&l. Did that work?
Prosecutor: No, it didn’t.
Defendant: Well, maybe it’s ^!Z61NIz3K7c.
Prosecutor: Nope again.
Defendant: Well, I did change it the morning I was arrested, and I only had a short time period to memorize it. Maybe try YM&5U7Kx2DBw.
Prosecutor: That didn’t work either.
Defendant: Well drat. I really do want to give you the right password as the contents of that drive could demonstrate my innocence! There are documents that John Coe really was the culprit and I was encrypting the data to protect myself from his evil thugs!
Judge: {Well what would the judge say?}
January 24, 2012, 4:27 pm
David Schwartz says:
Say the government executes a lawful wiretap, but finds the conversation to be encrypted. The Defendant talks about a “package” and about a “mark”, or even “the stuff”.
Say it’s a foregone conclusion that these words were chosen deliberately to obfuscate the real nature of the items being discussed. And say it’s obvious that the Defendant knew what he meant by those terms. And there’s no question the recording is of the Defendant.
Can a Court compel the Defendant to provide the “key”? Say that “package” means “shipment of illegal drugs” or that “mark” means “person who needs to be killed”? Say they offer production immunity — they won’t say they got this information from the Defendant, they’ll just read the “key” to the jury and admit it into evidence. They’ll have their expert witnesses say that’s what the conversation means.
January 24, 2012, 4:30 pm
ShelbyC says:
from the Boucher opinion:
Again, this is just flat false. The government was able to access every byte, indeed probably every molecule of the hard drive. The government’s problem was that the data on the hard drive was meaningless to the government without additional information, information that they forced the defendant to produce in violation of the fifth amendment.
January 24, 2012, 4:33 pm
ShelbyC says:
this.
January 24, 2012, 4:37 pm
anon says:
Indeed much of the court’s time, as I see it described here and in so many other posts, are exercises in rationalizing doing whatever the fuck the judge wants to do.
January 24, 2012, 4:38 pm
Ispep Teid says:
What’s the consequence of failing to produce the password? I know what would happen in a civil case, but what happens in a criminal case, like this one, if a defendant refuses to provide the password?
January 24, 2012, 4:41 pm
Orin Kerr says:
One man’s view:
I disagree. The contents of what is on the hard drive are irrelevant to the Fifth Amendment issue under Fisher v. United States. All that matters is the testimonial aspects of compelling the act that allows the decryption — and specifically, whatever that reveals about the authenticity, possession, etc. of whatever is in the computer.
January 24, 2012, 4:47 pm
Ispep Teid says:
Ignore me. This was asked and answered long ago, and I missed the answer.
January 24, 2012, 4:50 pm
ShelbyC says:
I notice all the lawyers and judges use the term “password” on this topic, whereas you correctly use the term “key”. I suspect understanding the distinction is important to understanding why the result is so wrong here.
January 24, 2012, 4:52 pm
Sardonic_sob says:
Reformatting the drive is crude and not very productive: it would be obvious what you’d done, and would be easy enough to get around if the LEA wasn’t dumb enough to let the drive percolate for days and run a multiple-pass wipe.
What would be far better is something which would cause the file to be permanently locked (or as near as possible,) at which I would just shrug and say, “I guess I don’t remember the password for this file.”
January 24, 2012, 4:57 pm
John A. Fleming says:
“I forgot” should be defensible. The police get a warrant and take your computer. They fuss with it for awhile, find it’s got whole disk encryption (and with no OEM backdoor). They start a new round of warrants and legal action for compelling password divulge.
You, in your defense, get some IT help desk guys to say that requests for password resets always spike after the holidays (cuz people forgot their passwords after two weeks of being away from work). Since you haven’t accessed your computer in weeks, memory of your password is hopelessly garbled.
Password retention is an over-learned skill. You don’t commit passwords to long-term memory, because you use it every day. If you don’t, you forget. The keystrokes become muscle memory, and you don’t even think of the letters. Especially since you, Mr. Perp, only use random passwords, and change them regularly. Because you, Mr. Perp, are security conscious.
That’s why most people have two or three easily remembered password roots, that on password resets they vary by one character. But the police have no way of proving that that is what you do also.
So you need a couple of weeks down-time. If they observe you using the computer on Monday, and ask for the password on Tuesday, you’re toast.
January 24, 2012, 4:57 pm
Sardonic_sob says:
This is really more crucial than it sounds. If what is needed is the key, because the data is available and the encryption algorithm is known, that presents a far different technical challenge than knowing a “password” which might be necessary to even gain *access* to the data. I can make copies of encrypted data and brute-force them. If I can’t get at it, I’m done. See discussion above on “Ironkey” secure flash drives.
January 24, 2012, 5:03 pm
David B. says:
To clarify a couple things about the order:
1. The defendant was not required to divulge her password. She was ordered to produce a copy of the hard drive that was not encrypted. They will give her the hard drive. She will then return a copy that is not encrypted. She can keep the password.
2. She is not granted immunity from anything on the hard drive. She is given immunity from the act of producing the hard drive.
January 24, 2012, 5:05 pm
J. Patrick says:
This is stunning. Literally, I’ve been sitting here for the last hour with my mouth agape trying to make sense of this in light of my belief that we don’t live in a police state, and aren’t quite on our way to one (known travesties notwithstanding).
I mean, why not just have the police get a warrant to have sodium thiopental medically administered so that a psychiatrist can recover the password from the individual’s brain on the government’s behalf, the way a doctor or nurse might take a cheek swab for the court? Then, we wouldn’t have to fuss with trying to wrap our heads around the idea, inherent in this ruling, that the court regards memory to be infallible.
January 24, 2012, 5:09 pm
disintelligentsia says:
The 5th amendment is a protection against compelled testimony incriminating oneself. However, you don’t have a right to refuse to turn over incriminating evidence – such as documents, video or records of any type.
The issue in the instant case is the defendant was arguing that divulging the password would show that the defendant had ownership/control over the computer – that, not the information that was already contained on the hard drive, is the testimonial aspect. The court simply found that the Feds already knew and could prove that the defendant had ownership/control over the computer and therefore there was no 5th amendment privilege that attached. The contents of the drive may incriminate the defendant more but those contents are not testimonial in nature – only the act of divulging the password is testimonial and the defendant’s ownership of the computer has already been established so she is not going to be further incriminated by giving up the password.
However, that being said, I believe there is a federal cap on the time you can be jailed for contempt (I can’t recall that statute, but I think the limit is 18 months). Many states do not have a similar cap or rule of proportionality (See the matter of H. Beatty Chadwick – a man who was jailed for 14 years for failing to pay alimony). Therefore, at least in federal trials, the calculus is whether the defendant can be sentenced to more than 18 months if he/she divulges the password and is convicted for the contents of the drive?
I’d advise using Truecrypt and have a hidden container – you can comply and give the password for the “more innocent” portion of the drive up while the rest remains encrypted. You could also use a double or triple authentication method in which a password alone is inadequate (like having a keyfile that must be present and/or bio-authentication). Even better, use a pirated MP3 as your keyfile – then the disclosure of the file itself would incriminate you separately from the drive’s contents and be a separate grounds for asserting the privilege under the 5th ;-) (although they’d likely grant immunity on that part to take away that asserted privilege).
January 24, 2012, 5:12 pm ShelbyC says:
Agreed. (I’m currently working on a project where our customers use “Ironkey” drives, nothing juicy, we just have to make sure our product supports writing to them) ISTM that compelling production of an ironkey password should be constitutional to the extent that it allows access to the encrypted data, but unconstitutional to the extent that it allows them to decrypt the data.
January 24, 2012, 5:24 pm Just Dropping By says:
I’m not sure if there’s a commercially available product that will do this, but I’ve been advised by a software engineer that it would be feasible to create an encryption scheme in which the password automatically “mutates” at regular intervals and displays the next iteration of the password to the user, such that a daily user could enter the next iteration of the password, but could not predict future iterations. This would allow a user in the position of the defendant here to provide a correct last known password, but honestly plead ignorance of the current password if they haven’t been allowed to access the machine in several days. This seems like it would avoid the obstruction of justice/destruction of evidence problem of some of the other schemes so long as you could document that you didn’t implement that system for the specific purpose of foiling law enforcement.
January 24, 2012, 5:26 pm FmrADA says:
I think some folks are hung up on the “foregone conclusion” notion.
If the police have a warrant to search the defendant’s office for documentary evidence of a criminal fraud and find a locked file cabinet, the warrant reaches the contents of that cabinet. Issues about: (1) “expectation of privacy” in a locked cabinet; or (2) “proof” of what the government believes is in the cabinet are now irrelevant issues. Whatever may be inside is reachable by the police because they already satisfied the Fourth Amendment and got a warrant. This is true even if the cabinet contains evidence of a wholly separate crime, like possession of child pornography.
It has long been the rule that a defendant does not “testify”, against him/herself by handing over the key to the cabinet, nor by telling the police where the key is. This is true UNLESS the identity of the owner of the cabinet is in doubt. That’s why police questioning resulting in, “here’s the key to my cellar door” does not raise Fifth Amendment concerns, while “give us the key to the door behind which the loot is stashed” does.
[Edit: I think Disintelligentsia beat me to it, but I'll leave this up for kicks.]
January 24, 2012, 5:33 pm OrenWithAnE says:
I wasn’t aware that society recognized as legitimate the expectation of privacy in documents relevant to a criminal investigation. In all other cases that I’m aware of, defendants have not been able to withhold evidence in their possession.
To make it quite concrete, suppose that Microsoft had an official policy that archived all their emails (older than 12mos) with Bill Gates’ public key. When the DoJ came around to investigating them for antitrust violations, they were ordered to turn over certain emails, are they suddenly protected from disclosure?
I see no principled reason to say that documents protected by encryption are at all different from any other sort of documents — or other evidence in general. I’m sure Enron would have loved to place all their records beyond the reach of the courts merely by hiring a few technicians and installing TrueCrypt.
January 24, 2012, 5:38 pm ShelbyC says:
Correct, but here the police didn’t need the “key” to the cabinet. The key to the cabinet would be analogous to a password. In this case, what folks are incorrectly calling a password is an encryption key (sorry for the overloaded terminology). But the government already has access to the file cabinet, to use the analogy, they just don’t know what the documents inside mean. This is where David Schwartz’s analogy works. Although the government can make you produce a key to a file cabinet, they can’t make you tell them that “the package” written in a document in the file cabinet means illegal drugs, and “the mark” means person to be killed. That is what they are doing when they demand an encryption key.
January 24, 2012, 5:46 pm Elliot says:
Does that mean the Fifth privilege only applies to 1) computers the suspect does not own, and/or 2) passwords the government cannot prove are known by the suspect?
If so, the Fifth would be worthless in the vast majority of cases. What am I missing?
January 24, 2012, 5:49 pm Josh Bornstein says:
Would it make a difference if, say, John Smith’s password was: “I, John Smith, am a child molester.” Or, “I, John Smith, killed Sgt. Jones on 1/17/2010.” In other words, what if the password itself contains incriminating info?
January 24, 2012, 5:52 pm OrenWithAnE says:
This is taking a literalist view of encryption that no court will ever buy. The content of the ciphertext is not the same as the content of the original document.
Of course, they are not demanding the encryption key, they are demanding that the defendant turn over the (cleartext) document.
January 24, 2012, 5:57 pm OrenWithAnE says:
What’s that got to do with a demand that the defendant turn over a plaintext version of the document?
January 24, 2012, 5:59 pm ShelbyC says:
The reason that documents protected by encryption are different from other sorts of documents is that, unless the encryption key is also contained in the documents, the documents don’t contain enough information to be useful, and the government must obtain additional information in order to make use of the documents. Now there are many means by which it can obtain that information, but because of the 5th amendment it can’t obtain it through compelled testimony. In your email analogy, if the government can compel production of documents but not testimony, it can compel them to produce documents containing his private key, but it can’t compel Bill Gates to testify as to what it is, right?
January 24, 2012, 6:01 pm Stephen Lathrop says:
OrenWithAnE, you are right about my mistake. I realized after I posted that I had conflated warrant concepts with search concepts, neither of which I really understand. I am an amateur, not a lawyer.
If I recall correctly, one thing that got Enron in trouble was fiddling around with an established document destruction schedule. For some reason, corporations are allowed to systematically destroy documents for the purpose of avoiding legal liability, so long as they do it according to an established schedule. So getting rid of potential evidence is a major objective of corporate archives management. All okay with the courts, apparently. I am not an expert, so I am sure there is more to it than that. Consult your local business records manager.
January 24, 2012, 6:11 pm ShelbyC says:
And why do they need the defendant to do that? Why can’t they just produce it themselves?
January 24, 2012, 6:13 pm One Man's View says:
Orin
I agree — whatever the contents are is irrelevant. My point however is that the issues to which the “foregone conclusion” inquiry is addressed (that is authenticity, possession, control) are all issues where the knowledge of the existence of an encrypted file on the hard drive almost automatically makes the conclusion foregone. [This is particularly so here where the file has an individual’s name attached to it like this case — but it will almost certainly be the case with the least bit of extrinsic evidence (“yes, that’s Orin’s laptop. I’ve seen him use it”).]
My point, perhaps poorly articulated, is that if the foregone conclusion analysis as to possession and authenticity is trivial (no more than a witness to say it is his computer; or finding it in his room) and if only possession inferences are what is protected by the 5th Amendment after Fisher (as this court says) then under this analysis the showing of foregone conclusion will occur in almost every case and the requirement to decrypt will be vitiated.
Personally, I think this is much more like Hubbell where the issue was whether some mental exercise was necessary to produce the information subpoenaed. Here that mental exercise is the recall and recitation of the password (much like the fabled combination to the lock).
In short, it seems to me if this analysis is right then encryption will be very little protection ever.
January 24, 2012, 6:17 pm John A. Fleming says:
So here’s hypothetically how to beat the spoliation rap. The data you want kept private, you put in a directory served by a localhost WebDAV server. Turn off WebDAV server logging (alias log files to /dev/null). All files in that directory are owned by www/www. Each file is a .zip with AES-256 encrypted by a key generated from the user name and plaintext password. Create a WebDAV password file with many thousands of random user name/encrypted password tuples. The mapping of user names/plaintext passwords was only ever kept in volatile RAM (a small RAM disk), or a perl daemon. At power off, the mapping is gone, all files lost. Oh yeah, only communicate with the daemon via a shell command, with shell history turned off.
At every logoff, secure wipe all temporary files, logs, and caches using a logout script. Every time you walk away from your computer, logoff. Use a UPS. If you must power-cycle, first command the daemon to write to disk. Upon startup, it will read the file, then secure wipe.
For added obscurity, put all daemon code files in the WebDAV. This username/password you’ll have to commit to memory, but there will be no way for anyone without a keylogger to even know it exists. If the investigators are smart enough to “ps -ae” and notice the nondescript daemon, shrug your shoulders.
The principle is, a shutdown not controlled by you loses all data permanently.
January 24, 2012, 6:19 pm ravenshrike says:
Sorry, not seeing it. This is no different than them asking you to translate messages you personally encoded and then put in the cabinet. They have the contents of the cabinet. That the contents are more confusing than the ramblings of the Unabomber is irrelevant. They want to use the contents as evidence, they’re damn well gonna have to put the clues together. The key, in this case, is the SATA cable they are using to access the drive. Or whatever other methods they may be using if they took the drive apart to scan with their own equipment.
January 24, 2012, 6:30 pm US Citizens May Be Forced to Decrypt Hard Drives « Well Known Biases says:
[...] Discussion to be found on The Volokh Conspiracy. [...]
January 24, 2012, 6:40 pm forensics_yes_i_do says:
Decent encryption uses both a passphrase and a hardware token. Even geo-based encryption (i.e. even with password, if the GPS coordinates are not an approved site then no decryption) and remote hardware keys or key files that self destruct if access is attempted from the wrong source are employed by people with real brains. That way, I can give them the password, but since the keyfile was wiped by the remote system due to 30 days of no-contact by my home system, the password does not do you any good.
There is even an application that will wipe your phone if it is within 100 feet of a specified list of coordinates –> the local police stations –> and send an e-mail trigger to your home system to start wiping it too.
We are depending on crooks to be stupid…. or at least lack savvy.
January 24, 2012, 6:46 pm David Schwartz says:
Because they literally need her to *produce* the document. That is, the government isn’t asking her to turn over something that exists, but is ordering her to produce something that does not yet exist.
Here’s another hypothetical: Say the government has a lawful wiretap of a conversation, but the quality is very poor and they cannot produce a written transcript they have confidence in. Or perhaps they have one, but they’re afraid the Defendant will argue that the transcript is unreliable. Can they compel the Defendant to listen to the low-quality tape and create and provide to them a certified, accurate transcript of the conversation that would be admissible in Court? Say it’s a foregone conclusion that the Defendant was a party to the conversation and remembers it. Can they foreclose the Defendant’s ability to argue the transcript is inaccurate by compelling him to correct and certify it?
January 24, 2012, 6:47 pm C says:
Yes!
January 24, 2012, 6:51 pm Elliot says:
Seems there will be a market for a system that deletes, wipes, and overwrites given files if a code phrase is not entered within X minutes of booting. Then it erases itself and backs out.
January 24, 2012, 7:00 pm C says:
ravenshrike says:
Sorry, not seeing it. This is no different than them asking you to translate messages you personally encoded and then put in the cabinet.
——–
Is the following a fair analogy: You type a document on your computer in a rare language. Let’s pick Hawaiian. New York police arrest you.
To avoid the time and expense of finding a Hawaiian speaker and paying them to translate the document, instead they get the Court to issue an Order requiring you, the Author, to perform the translation.
Isn’t this essentially Forced Labor by the Police?
Being a chemist, the Hawaiian recipe is not easy to translate. It requires not only a Hawaiian speaker but also one with some technical training. Cost to the police to perform the translation goes up, so they really REALLY want you to perform the translation. After all, those scribbles MUST be a drug recipe, not just your family’s traditional Christmas dessert.
Is a language translation a fair analogy to the computer decryption?
January 24, 2012, 7:03 pm forensics_yes_i_do says:
That’s useless as any forensic acquisition will make a bit image of the drive with EnCase, FTK, dcfldd, etc. To show you how useless that is, Truecrypt doesn’t offer it as an option. It is only effective with hardware-based encryption, where you destroy the key which is managed by the hardware so you can not decrypt the header of the drive. That is why using a hardware device like IronKey works… you create a keyfile and a god-awful long pass-phrase that is the key for the hard drive, and then store that on Ironkey. Then you have to access the cleartext of the Ironkey in order to decrypt the hard drive. If Ironkey gets wiped, the forensic bit-image of the hard drive is worthless.
January 24, 2012, 7:05 pm forensics_yes_i_do says:
Not really since forensic work is always done on a bit-image, and not the original drive. All you do is wipe the copy, and since they are likely working in a virtual environment, you can write to the image anyway.
January 24, 2012, 7:08 pm SF Alpha Geek says:
To follow up on what disintelligentsia said: If you think that, for any reason, you may be forced to divulge the key to, or the contents of, encrypted data, Truecrypt is the way to go.
Truecrypt is open source (which minimizes the risk of there being an OEM back door), allows you to use a variety of encryption algorithms, and it allows you to set up an inner volume and an outer volume in the same encrypted file or device. The outer volume is accessible with one password, the inner volume with another. The best part is that creating the inner volume is optional, and there is no way to tell, even if the outer volume is decrypted, whether an inner volume exists or not. Since Truecrypt is an excellent encryption program, you might reasonably choose to use it without the additional complexity of an inner volume.
So, when asked for the key to the encrypted contents, provide the key to the outer volume (or decrypt the outer volume and provide the contents.) When asked about the inner volume, the correct response is “What inner volume?”
The problem with things like IronKey or other self-erasing encryption schemes is that the very first thing that happens in a computer forensics investigation – after snatching the power cord out of the wall – is a byte by byte copy of the original media – erase the encrypted data, and your interrogators hand you another copy and tell you to try again.
January 24, 2012, 7:08 pm Guest12345 says:
Which suggests that if you’re going to commit a crime and store the evidence on an encrypted volume then you should make your passphrase an admission of guilt to that crime. Thus you only agree to giving them the passphrase if you are given complete immunity from being prosecuted for anything that is revealed by your passphrase.
Edit: what Bornstein said. Also has nothing to do with the order to deliver a document.
Which makes me now wonder if you claim there is no such document.
January 24, 2012, 7:09 pm forensics_yes_i_do says:
Then all it takes is a BSOD or a kernel panic and you lose your drive contents. That’s not acceptable.
January 24, 2012, 7:11 pm Fury says:
So, it is known for a fact that she knows the password?
Has she admitted that? I read the portion of the transcript between her and her husband – did not indicate that she knew the password?
What if she forgot the password? I mean, isn’t this a possibility?
January 24, 2012, 7:17 pm Visitor Again says:
Someone above referred to a federal cap of 18 months for contempt. What I believe that commenter has reference to is the regulation 18-month term for a normal federal grand jury. One who is held in civil contempt for refusal to testify before a federal grand jury (either having failed to invoke the privilege against self-incrimination or having been granted immunity from prosecution after invoking the privilege) may only be confined for the duration of the term of the grand jury. The purpose of the civil contempt order is not to punish but to coerce testimony, and imprisonment for civil contempt is only proper so long as purging the contempt by testifying remains possible. However, the feds may release a civil contemnor from custody on expiration of the grand jury’s term and subpoena him/her to appear before a new grand jury–with a new civil contempt order following if the witness again refuses to testify. There was some lower federal court authority that once it becomes evident that the witness will continue to refuse to testify no matter how long he/she is imprisoned, a civil contempt sentence becomes improper, but, since it is decades since I delved into these issues, I don’t know the status of that authority. The theory was that in such a case, the imprisonment becomes punitive rather than coercive.
I was counsel for witnesses in several federal grand jury investigations of left wing activists conducted by the Nixon Justice Department in the early 1970s. In the so-called Tucson Five case, witnesses who were released from custody at the end of the grand jury term actually were subpoenaed to appear before a new grand jury as they walked out of the jail. They were again held in civil contempt for refusal to answer questions that included some as broad as this: During the three-year-period you lived at such and such an address, name every person who visited there and describe every conversation they had while there.
Criminal contempt is another kettle of fish. The feds are much more likely to use civil contempt when they need the testimony. In the rare case, though, they might use both civil and criminal contempt.
January 24, 2012, 7:37 pm John A. Fleming says:
If the police have a warrant, and you have an office safe, and say “It’s been awhile, I forgot the combo”, can’t they just take the safe and break into it? They don’t need your combo, they just don’t want to be excessive about spending We the People’s money (because safe-cracking can be expensive).
The difference being, for all non-national-security cases, encryption-cracking can be effectively impossible.
————-
January 24, 2012, 7:43 pm
Seems like, if law enforcement has the power to compel passwords, they have the power to compel all computer/communication devices mfg’d/sold in the USA to have kernel keylogging built in and always turned on. Any tampering with the keylog file is spoliation. Since you are not doing anything wrong, you have nothing to hide from the police, who are only interested in keeping our rights secure from the depredations of lawbreakers. And by having an always accessible keylog, the police will both deter crime, and make it easier to stop wrongdoers. It’s a win/win for We the People. And to make sure, possession of a non-keylogged device is a malum prohibitum crime, since if you have one, you are either up to no good, or wasting We The People’s money while we investigate you. And since computing/comm devices are not enumerated in the Bill of Rights, The Feds can fully use the Commerce and N&P clauses to mandate universal keylogging. Oh, and it’s a Federal trespass for one person to view another’s keylog. In fact, you know what, just mandate each device to send your keylog file every month to http://myKeyLog.doj.gov; like Apple does with your location data to their servers. You can be fully confident that the Federal Government is completely dedicated to its mission of securing your enumerated rights. Let’s make it even easier for the police to do their jobs, so there will be more money for food stamps healthy living assistance and SSI and government pensions and political patronage National investment in critical emerging technologies
————–
I’m sorry, but I’ve been reading this blog too much. I conclude there is no legal obstacle to this. It only needs a real or manufactured Rahmian crisis, all three Federal branches are already primed and ready to pull the trigger.
ShelbyC says:
Agreed. Since basically what encryption does is mathematically separate important information from the document into the encrypted text and the key, and store them separately, requiring the defendant to provide the missing information is a testimonial act. Although this case is different from the Boucher case because of the grant of immunity. Suppose they find something incriminating on her hard drive. How do they get from “there was a bunch of indecipherable gibberish on her hard drive” to “there was this incriminating file on her hard drive” without using the fact that she produced the incriminating file against her?
January 24, 2012, 7:58 pm Jon Shields says:
While the opinion looks fact-specific, it may really be setting a precedent that the possession of a laptop makes it a “foregone conclusion” that one knows the password (at least in many cases). There were other facts in this case (the conversation and the label), so it is possible that those might have been decisive, but the opinion is quite short and does not specify. It just lists the circumstances and makes a conclusion.
This goes much further than Boucher, where the police actually saw the files decrypted on the laptop in Boucher’s possession. There seems to be no evidence in this case that she actually knows the password for this specific laptop — just a general sense that the laptop was hers (by the label) and that she had something on one of her many laptops (by the conversation).
What if we assume for the sake of argument that she actually forgot the password, or never knew it? The court already found by a preponderance of the evidence that she knows the password. If she says she forgot, can the court really “treat the witness as having refused to answer?” Can a defendant be imprisoned for contempt simply because of a showing that the defendant was more likely than not to know the password?
January 24, 2012, 8:12 pm Ispep Teid says:
Sounds testimonial to me.
January 24, 2012, 8:12 pm Gary Britt says:
It seems to me this case analyzes this situation to something like this:
Defendant has paper files in a safe. Government knows or has strong reason to believe based upon admissions of Defendant that evidence of some crime is contained in the paper files. Government is unable to open the safe. Government demands that Defendant assist with the search warrant by providing a true and correct copy of the paper files in the safe. (Note: They aren’t demanding the combination to the safe but a readable copy of the paper files in the safe.) As icing on the cake they give the defendant immunity from prosecution for the act of opening the safe, making and producing a copy of the paper files to give to the government. The court rules that 5th amendment privilege is testimonial in nature and doesn’t protect producing copies of paper files in the safe which is not a testimonial act (according to the court).
I don’t know if I agree with the above or if the above describes something that should be protected by the 5th amendment, but it seems to me this is, in effect, what the court is saying. So the question is if it were paper files in a safe and the defendant is ordered to produce a true and correct copy of the paper files in a safe pursuant to a search warrant does that impinge upon 5th amendment privilege?
Gary
January 24, 2012, 8:15 pm Joe says:
I use Truecrypt, but the notion that you can use it to hide data is laughably absurd. A simple scan of a hard drive would show that there are “unused” sectors on a disc and further perusal would show that the data in those sectors is anything but unused.
January 24, 2012, 8:18 pm John A. Fleming says:
Oh, you know what, since We the Feds have your keylogs anyway, we need to take a peek at them to make sure that our efforts at achieving the National Objectives are successful. Because it’s not very efficient if the Legislature and Executive are trying to do something really important for the Nation, and You People remain unconvinced. If We can find out early, We can create education programs and enroll you in them to get your enthusiastic buy-in, support, and commitments of your time, to help push these National Objectives chosen by your Representatives to be a success. We really don’t want to know what you’re doing, but only to gauge how well We are doing at spending the Public Wealth. We know You People want Us to be careful with how We spend your hard-earned dollars.
January 24, 2012, 8:23 pm CliveStaples says:
What is to prevent the defendant from saying that the files are not, in fact, encrypted?
Say I’m given a contract killing in the form of the string “Kill John Q at Eagle Plaza” and I record it as “LJMM KPIO R BU FBHMF QMBAB” (a Caesar cypher where the letters are shifted 1 place). I am arrested and the police find the document in my house. Can I be compelled to give the de-encryption key? Would I be punished for arguing that the string is, in fact, not encoded?
Consider the general case; is it a crime to possess any document which under some decryption schematic translates to criminal material? Say my hard drive is encrypted with my own proprietary encryption scheme, but under investigation a different encryption scheme’s decryption is used, under which the data appears to be illegal.
Oren’s casual dismissal of this issue as mere “literalism” is unpersuasive–unless how these things actually work is not of interest to the judiciary, giving a proof of Dickens’ theorem.
January 24, 2012, 8:26 pm OrenWithAnE says:
Sorry, what I mean by “document” is “plaintext version of the document”. The encrypted version is (by construction) no different than random output. When I say that the government can compel the production of the documents I mean that Gates has to provide them in cleartext.
To say that he can satisfy his obligation to produce a document by giving up an encrypted version is akin to saying that he could do so for a physical document by producing a shredded version — totally contrary to common sense.
Because they don’t have the document. Why did the DoJ compel production from Microsoft? Why does the SEC compel Enron and Galleon to produce their documents?
January 24, 2012, 8:28 pm CliveStaples says:
Nope; the courts in their majesty have decreed that you don’t actually get to assert that you can’t remember (reasonable, given that they can read minds). Of course you remember, you’re just lying. And you know what happens to liars.
January 24, 2012, 8:30 pm CliveStaples says:
Why stop there? If the Court knows what is in the mind of the defendant, why bother having arguments? Just have these mind-reading telepaths issue judgments without recourse to things like “proof beyond a reasonable doubt”!
January 24, 2012, 8:31 pm John A. Fleming says:
Joe says “the data in those sectors is anything but unused.”
Random bit data with high entropy is only suggestive, not conclusory that an inner TrueCrypt volume exists. Unused sectors may have once been used for an encrypted file that was modified/deleted. Over time, every unused sector ends up containing a ghostly mixed-up-mess of deleted and temporary file fragments. Especially if whole-disk-encryption is being used. Especially if you filled up your WDE bottomless gigabytes with photos, videos, and podcasts. The wife and kids do that about every six months, and I have to force them to delete the junk.
January 24, 2012, 8:33 pm ravenshrike says:
Um…no. It would appear to be random 1s and 0s, and there are plenty of secure erase programs that output exactly that kind of data to unused sectors of the HDD. So long as you say that you used to, or better yet still have a copy of such program installed on your computer that was used before you set up the hidden partition they would have no way of telling whether or not the random data meant anything.
January 24, 2012, 8:56 pm J. Patrick says:
This article would seem to indicate that it is now within the reach of cognitive science to determine what password is in a criminal defendant’s head, and she need not say a word. I find this disturbing in light of United States v. Fricosu.
From the article:
The basic technique for password recovery, I’m guessing, would be to show a suspect sets of possible letters for each position of the password, and evaluate the P300 (EEG) for recognition. Unconscious and uncontrollable.
Is there a principled reason why a court could not order someone to submit to such testing, given the logic of United States v. Fricosu?
January 24, 2012, 9:05 pm OrenWithAnE says:
Yes, plaintext versions of encrypted documents don’t exist. PLEASE try this in court, but be sure to give me advance notice so I can show up with some popcorn.
January 24, 2012, 9:14 pm Nik Bougalis says:
You don’t quite understand how hidden volumes work in TrueCrypt and why what you’re saying doesn’t work whether hidden volumes are used or not.
In a TrueCrypt-encrypted volume that is wiped upon initial setup (the default) all space – used and unused – is filled with random data.
Without the “key” to unlock the volume you don’t know which sectors are used and which are not.
Even given the key, unused sectors will still look like random garbage to you: perhaps it’s a genuinely unused sector or perhaps it contains encrypted data long since deleted and never overwritten. In other words, whether it’s used or unused, all you see is “noise”.
Cryptography is a tricky subject to get right – in theory and practice.
January 24, 2012, 9:34 pm John A. Fleming says:
So I read the Order. It’s been twenty months since the seizure of the laptop. I doubt anybody could remember a password from that long ago. Do you remember all your 4-digit debit PINS? I’ve got a lot on my mind, lots to remember. If I don’t use a password in two months, it’s gone, and I have to ask for a reset. Heck, I could produce lots of e-mails from various online services where I asked for a password reset, then did it again six months later.
As long as she didn’t do anything stupid, and used unmodified maiden/kids/dogs/towns/lovers/etc, she could sit there for hours and try every haxxor combination of the common passwords people do, and never hit it.
So are they really prepared to imprison her for 18 months and put her kids and mom on welfare and CPS because her password memory is indistinguishable from the ordinary person? Seems like it’s in the best interest of the State to have her holding down a job and taking care of her family.
January 24, 2012, 9:37 pm
ShelbyC says:
But here, Ramona doesn’t even have her hard drive, the cops do. And they are capable of producing a gazillion different unencrypted versions of her hard drive. The reason they need her is to tell them which version is the correct one. To use your shredded document analogy, the cops have the only copy of the document, and it’s shredded. So the government is seeking to compel the defendant to use her knowledge to put the pieces back together in the correct way, as opposed to all the other ways the document could be put back together.
January 24, 2012, 9:57 pm
SF Alpha Geek says:
In fact, high entropy random data will show up in the unused space of the outer volume whether or not an inner volume exists, since Truecrypt initializes the entire encrypted file/device when the encrypted volume is created. What might be suggestive is a high percentage of unused space to data in the outer volume, but that wouldn’t be conclusive proof that an inner volume existed – you might have created a large volume against projected future requirements.
January 24, 2012, 10:12 pm
ShelbyC says:
OrenWithAnE: Yes, plaintext versions of encrypted documents don’t exist.
But that’s the whole point of encryption. The plaintext version doesn’t exist, it has to be recreated using additional information, that in this case has to be provided by the defendant’s testimony.
January 24, 2012, 10:44 pm
Ziz says:
I’m screwed. I wiped a hard drive with Eraser 5.8.8 (I don’t like the newer versions). Now, if the government ever takes my computer, they’re going to think I have encrypted data all over the place. When I say there’s no encryption, they’ll toss me in jail for contempt.
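The point made in the comments above, that a randomly wiped disk and an encrypted one look the same to an examiner, shown as an added example that is not part of the original thread. It is a forensic triage pass scoring each sector by byte entropy and a chi-square test; the sector size, thresholds, sample data and the SHAKE-256 keystream standing in for a real disk cipher are assumptions constructed for this illustration.

```python
import hashlib
import math
import random
from collections import Counter

SECTOR = 4096   # bytes per analysed block (assumption for this example)
SECTORS = 16    # size of each constructed sample image, in sectors


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def chi_square_uniform(block: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.
    With 255 degrees of freedom, random-looking data scores around 255."""
    expected = len(block) / 256
    counts = Counter(block)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify(block: bytes) -> str:
    """Label one sector using only its byte statistics."""
    if len(set(block)) == 1:
        return "constant-fill"
    if shannon_entropy(block) > 7.9 and chi_square_uniform(block) < 400:
        return "random-looking"
    return "structured"


def survey(image: bytes) -> dict:
    """Count sector classes across a whole image."""
    return dict(Counter(
        classify(image[off:off + SECTOR]) for off in range(0, len(image), SECTOR)
    ))


def build_samples(seed: int = 2012) -> dict:
    """Constructed sample images; none of this is real evidence data."""
    size = SECTOR * SECTORS
    rng = random.Random(seed)
    text = (b"Quarterly ledger, page 1. Nothing to see here. " * 2000)[:size]
    # Random-pass wipe: every byte overwritten with random data.
    wiped = bytes(rng.getrandbits(8) for _ in range(size))
    # Toy stand-in for a disk cipher: XOR the text with a SHAKE-256 keystream.
    keystream = hashlib.shake_256(b"constructed demo key").digest(size)
    encrypted = bytes(p ^ k for p, k in zip(text, keystream))
    return {
        "zero-filled": bytes(size),
        "plain text": text,
        "random wipe": wiped,
        "encrypted": encrypted,
    }


if __name__ == "__main__":
    for name, image in build_samples().items():
        print(f"{name:12s} {survey(image)}")
```

The wiped image and the encrypted image land in the same class on every sector, so these statistics alone cannot tell an examiner which one is on the disk.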
January 24, 2012, 10:50 pm
David Friedman says:
It sounds as though the best way of keeping your data from the prosecution is to arrange things so they cannot show it is there at all. One way, as discussed, is to have a Truecrypt inner volume, on a hard drive that has previously been wiped and randomized.
An alternative is steganography. Your hard drive contains encrypted files. The prosecution insists they hold the evidence they are looking for, and forces you to decrypt them with the threat of contempt proceedings. Under protest you do so–and they turn out to be digital photos. Perhaps they are digital photos of scantily clad ladies, some in compromising situations with you, and you explain that you were trying to protect your girlfriends from the lascivious gaze of the D.A.
What you don’t explain is that the least significant bit of each pixel contains your real data, encrypted. I don’t see any way that they can demonstrate it is there. So your only real risk is if they can somehow prove that’s what you did–and you eliminate that by having at least one other drive, which you claim had the files they can somehow prove existed, but which you say got wiped–and which now has every bit a zero.
January 24, 2012, 11:02 pm
arch1 says:
ShelbyC said:
“Although the government can make you produce a key to a file cabinet, they can’t make you tell them that “the package” written in a document in the file cabinet means illegal drugs, and “the mark” means person to be killed.”
Is this true? If so, I don’t understand why the government can make you tell them the decryption key for digitally encrypted files. What’s the salient difference between the two cases?
January 24, 2012, 11:52 pm
David Schwartz says:
They aren’t asking her to turn over some plaintext copy of the document that she has in her possession. They are asking her to produce (literally) a plaintext copy, using information contained in her brain to do so, and then give those to them. They aren’t asking her to give them, or help them get to, something that already exists, they are asking her to make something and then give it to them. The analogy of a handwriting exemplar is actually closer than a physical key.
January 24, 2012, 11:54 pm
ShelbyC says:
Could Aaron Burr have been ordered to produce a plaintext copy of his ciphered letter? Or, suppose the cops find a piece of paper on me with 10 digits written on it, and determine somehow that it is a foregone conclusion that the paper is a rot-n cipher. Can I be compelled to tell them the value of n, or produce a plaintext copy of my cipher? ISTM that either one of those would be testimonial. Why would being required to provide an encryption key be different?
January 25, 2012, 12:07 am
ShelbyC says:
Well, I don’t see a difference, and nobody has been able to supply one, so I don’t know.
January 25, 2012, 12:13 am
Gary Britt says:
The clear text documents are in existence. They are in existence inside a safe made by encryption. While there are physical differences between paper documents inside a real safe, and electronic documents inside a virtual safe (encryption), I don’t see substantive differences as to how the 5th amendment should apply. IF it is proper to compel production of documents in a real safe, I don’t see it being improper to compel production of documents inside a virtual safe (encryption).
Gary
January 25, 2012, 12:14 am
David Schwartz says:
That’s not how encryption works. It’s not a ‘wrapper’ with the data inside. The encrypted data is all that is there.
If I wrote down on a piece of paper all the details of a crime I committed, surely the government can demand that I give them that piece of paper. But if the Fifth amendment protects anything, it prevents the government from compelling me to make such a piece of paper.
You are confusing “production” in the sense of giving something to the government with “production” in the sense of making something. The latter is quite different from the former.
This is much closer to a demand for a handwriting exemplar than it is to a demand for a physical key.
January 25, 2012, 12:52 am
Jon Shields says:
I wonder what would happen if someone used an encryption process that outputs English words (or even grammatically correct English sentences). I wonder where that would fall on the spectrum between “interpreting information” and “interpreting information.”
January 25, 2012, 1:26 am
disintelligentsia says:
Steganography is susceptible to many different analysis techniques that can show that there is hidden data. The best steganography programs will analyze the photos and try to match the changes with the variations with the actual noise in the image. Your suggested technique of imbedding the information in the LSB would be trivial to break as the noise in the LSB would vary significantly from the noise in the other bits. It’s a commonly used technique but also very weak. The thing to do is leave the pics unencrypted, but the information contained in the image or music file is encrypted BEFORE being implanted in the image or music. Another technique would be to salt many images with false encrypted data to create red herrings. Also, any pics you use should be unique – not something you downloaded from the internet because a simple comparison between the two would reveal a payload.
That being said, I’d say the best way to obtain your privacy is as follows: 1. Have a USB key that contains a self-contained OS that is entirely encrypted. 2. Use TOR or a chain of several proxy services, 3. Don’t use personally identifying information during your browsing – in fact, use a browser configured for anonymous browsing such as the TOR bundle browser (google it), 4. Use several publicly available hot spots on a rotating basis and not from the building that offers the service (use a restaurant next door to the coffee shop, a park next to the library, etc), 5. Reset your MAC address regularly using a tool like SMAC. 6. If you’re transferring files or sending emails, use a plugin to encrypt your emails and use VPN for your file transfers.
If your USB key is entirely encrypted it would be entirely consistent to say that you recently did a secure erase on it – the data would look the same as a secure erase – the bits in either situation are indistinguishable from random bits and there’s no way to prove otherwise. It’s better to use a USB drive than a drive in a machine because, really, who’s going to believe you just happen to wipe your entire hard drive? But wiping a key can be explained away easily – I was going to sell it on Craigslist, I wanted to give it away, I do it on a regular basis for security, etc. All completely believable.
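The detectability of least-significant-bit embedding raised in the comment above, shown from the examiner's side as an added example that is not part of the original thread. It runs a pairs-of-values chi-square test block by block over a constructed pixel sequence; the synthetic "image", block size, threshold and random payload bits (modelling an encrypted payload) are assumptions made for this illustration.

```python
import random

BLOCK = 8192      # pixels per scanned block (assumption for this example)
THRESHOLD = 2.0   # per-pair statistic below this means the pairs look equalised


def cover_pixels(n, seed=1):
    """Constructed 8-bit 'image': Gaussian tones after a 1.5x contrast stretch,
    which leaves gaps in the histogram, as a processed photo can have."""
    rng = random.Random(seed)
    return [min(170, max(0, int(rng.gauss(85, 25)))) * 3 // 2 for _ in range(n)]


def embed_lsb(pixels, bits):
    """Sequential LSB replacement: overwrite the low bit of the first
    len(bits) pixels with the payload bits."""
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out


def pov_statistic(pixels):
    """Pairs-of-values chi-square, averaged per pair.

    LSB replacement can only move a pixel between the values 2k and 2k+1,
    and uniformly random payload bits push both counts toward their mean.
    The average is about 1 for fully embedded data and much larger when the
    histogram still has its natural unevenness."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    total, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected < 5:   # too few samples in this pair to say anything
            continue
        total += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
        pairs += 1
    return total / pairs if pairs else float("inf")


def flagged_blocks(pixels):
    """Indices of blocks whose value pairs look artificially equalised."""
    return [
        i // BLOCK
        for i in range(0, len(pixels), BLOCK)
        if pov_statistic(pixels[i:i + BLOCK]) < THRESHOLD
    ]


def build_demo(seed=7):
    """Cover of 8 blocks, and a copy with random bits in the first 4 blocks."""
    cover = cover_pixels(8 * BLOCK, seed)
    rng = random.Random(seed + 1)
    payload = [rng.getrandbits(1) for _ in range(4 * BLOCK)]
    return cover, embed_lsb(cover, payload)


if __name__ == "__main__":
    cover, stego = build_demo()
    print("cover flagged blocks:", flagged_blocks(cover))
    print("stego flagged blocks:", flagged_blocks(stego))
```

Encrypting the payload first does not help against this test: uniformly random bits are exactly what equalises the value pairs, and the block scan also shows roughly how far the embedding extends.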
January 25, 2012, 1:41 am
OrenWithAnE says:
Under a different encryption scheme (or different decryption key) the data would not appear to be anything because it would fail verification. Modern encryption encompasses more than just a cipher — there is an unambiguous way to determine whether decryption was successful or not (although, if it fails, one doesn’t know whether it was an incorrect key, incorrect parameters for the scheme, an entirely wrong scheme or merely invalid input data).
For instance, a TrueCrypt volume, when properly decrypted, will always have the ASCII string “TRUE” as the first 4 bytes.
How things actually work at a mechanistic level is of far less interest to the judiciary than how they work in actual practice.
If you read up a bit, the police offered to give her back the drive (or a copy) if she would agree to turn over the plaintext documents.
No, those would all fail verification — there is only one true unencrypted version.
No, they need her to give the court the true and correct version of the document just like every other defendant in the history of our nation.
But those “other ways” aren’t documents at all — there are half-letters where fragments don’t line up right, the words are all pointing in different directions, the sentences can’t be parsed even in the very relaxed grammar of the English language. There are a million wrong arrangements but there’s only one document.
In the same way that a document in a safe has to be “recreated” using additional information “in the combination”. Of course, the key here is that the defendant isn’t being asked to testify to anything, only to produce a true and correct copy of a document.
If what you were suggesting were really the case then every corporation on the planet would encrypt all their documents and forever be immune from discovery or investigation. There would quite literally be no point to having an SEC since every investigation would end with “those documents don’t exist.”
It is quite precisely that. In fact, folks in the biz routinely refer to “wrapping” something in encryption in a way to suggest that the encryption layer is transparent to those working above it.
January 25, 2012, 1:52 am
No Slippery Slope Please says:
Maybe I’ve missed it somewhere in the comments, and if so I’m sorry. But I think this is the reality:
(1) The government knows that more and more of the daily movings of our life are in our digital devices each day.
(2) The government knows that encryption is spreading further and further and it is only a matter of time before it is standard on every digital device.
(3) The government knows it’s mathematically impossible to break good encryption, and is justifiably scared shitless that it will completely lose its ability to gather digital evidence as use of encryption grows.
(4) Therefore, based on (1)-(3), the government–i.e. judges–will engage in extraordinarily contorted result-oriented jurisprudence. The law that government preserves its own power above all else will trump both the laws of freedom and the laws of mathematics.
(5) There is nothing we can do to stop it, because the government will never let encryption win.
Realism aside, a contempt or obstruction of justice sentence is likely far less severe than anything you’d get if there’s nasty stuff on your hard drive.
January 25, 2012, 2:23 am
CliveStaples says:
Aren’t you assuming that you know how they’re encoded? What if I used my own encryption scheme that had completely different authentication parameters than any other encryption scheme?
That is, how do you know which authentication parameters to look for? It depends entirely on the encryption scheme.
If you attempted to decrypt the data with the wrong key, you might not see (for instance) “TRUE” in the first four bytes. But perhaps my scheme uses “th4o3th0g80aw48tha4” as its authentication check. How could you possibly conclude that the information had not “truly” been decrypted?
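The verification step that OrenWithAnE describes and CliveStaples questions, sketched as an added example that is not part of the original thread and is not TrueCrypt's code or on-disk layout. The header format here (salt, then an encrypted marker, CRC32 and master key), the iteration count, the passwords and the HMAC-based toy keystream standing in for the volume cipher are all constructed assumptions.

```python
import hashlib
import hmac
import struct
import zlib
from typing import Optional

MAGIC = b"TRUE"     # marker string named in the comment above
SALT_LEN = 16
ITERATIONS = 1000   # constructed value, kept low so the demo runs quickly


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stand-in for the volume cipher."""
    blocks = [
        hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(d ^ s for d, s in zip(data, stream))


def _header_key(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def seal_header(password: str, salt: bytes, master_key: bytes) -> bytes:
    """Header = salt || Enc(MAGIC || CRC32(master_key) || master_key)."""
    body = MAGIC + struct.pack(">I", zlib.crc32(master_key)) + master_key
    key = _header_key(password, salt, ITERATIONS)
    return salt + _xor(body, _keystream(key, len(body)))


def try_unlock(header: bytes, password: str,
               iterations: int = ITERATIONS) -> Optional[bytes]:
    """Return the master key if the decrypted header verifies, else None.
    A failure does not say whether the password or the parameters were wrong."""
    salt, sealed = header[:SALT_LEN], header[SALT_LEN:]
    key = _header_key(password, salt, iterations)
    body = _xor(sealed, _keystream(key, len(sealed)))
    magic, (crc,) = body[:4], struct.unpack(">I", body[4:8])
    master_key = body[8:]
    if magic != MAGIC or zlib.crc32(master_key) != crc:
        return None
    return master_key


def demo():
    salt = bytes(range(SALT_LEN))                            # constructed
    master = hashlib.sha256(b"constructed master key").digest()
    password = "correct horse battery staple"                # constructed
    header = seal_header(password, salt, master)
    false_accepts = sum(
        try_unlock(header, f"guess-{i}") is not None for i in range(200)
    )
    return {
        "right_password_ok": try_unlock(header, password) == master,
        "false_accepts": false_accepts,
        "right_password_wrong_params": try_unlock(header, password, 999),
        "marker_visible_in_header": MAGIC in header,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check only works for someone who already knows the header layout and derivation parameters, and the stored header shows no marker until the right key is applied.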
January 25, 2012, 2:25 am
CliveStaples says:
What’s to stop them from saying that the ‘encrypted’ data is actually the correct, unencrypted document?
January 25, 2012, 2:27 am
David M. Nieporent says:
I suspect thinking there’s a distinction is important to understanding why so many criminals go to jail: they think they’re smarter than prosecutors. It may be an important computer science distinction; it’s not a legal distinction at all. You can’t engineer your way around the law.
January 25, 2012, 3:39 am
David M. Nieporent says:
What’s to stop anyone from committing perjury?
January 25, 2012, 3:40 am
John P. says:
I find it disturbing that all lawyers here, both for and against the court decision, argue exclusively in physical metaphors and analogies. I suppose this strategy served jurists well for centuries, but when we enter a field dominated by abstract — one might even say, symbolic or spiritual — things, pictures usually conceal more than they reveal.
I’m not convinced law, as an intellectual discipline, is at all prepared to handle the information age.
January 25, 2012, 4:12 am
anon says:
Sigh, you sound like the Apocryphal Kentucky/Tennessee Congressman legislating Pi = 3.0
You can’t trick us nerds with your maths!
Perhaps the law wouldn’t be such a pile of shit if you lawyer types could respect anyone outside your profession.
January 25, 2012, 5:32 am
Stephen Lathrop says:
If the enemy catches you with an encrypted message, they may have to torture you to find out what is in it. If they invade your business to find an unencrypted message stored in your safe, they don’t have to do that. That’s the difference.
January 25, 2012, 5:45 am
Jarbidge says:
I’m not sure if you’re talking about theory or specific implementations, but it’s possible to take two plaintexts and two keys and make a ciphertext that will decrypt to one or the other plaintext depending on the key. Truecrypt hidden volumes are one example.
Deniable encryption is hard to do right – there are a lot of avenues for leakage (paging, caching, log files, application autosaves, wear leveling, …), but it’s not theoretically impossible.
January 25, 2012, 6:02 am
Thingumbobesquire says:
For cases of obduracy, I submit, there’s always the “water cure” method of persuasion…
January 25, 2012, 7:43 am
Bill Twist says:
An even better version of this involves unbreakable encryption.
Let’s say you communicate using manual one-time pads. Used correctly, a one-time pad system is unbreakable both in theory and in practice. You use a pen and paper to do the encrypting and decrypting, you only use electronic devices to transfer the encrypted messages, and you burn the used OTP pages and your worksheets immediately after use.
You are subsequently arrested on suspicion of whatever, and the judge orders you to hand over the plaintext of those messages that the police intercepted, but couldn’t decipher. You now have a problem, because you burned the plaintext, and you burned the pad used to encipher the messages, so while the police have a copy of the ciphertext, it is impossible to reconstruct the message.
What happens then?
By the way, OTPs are ridiculously easy to implement by hand. If you can add and subtract, you can use them, and you can manually generate cryptographically secure pads by rolling a handful of 10-sided dice and typing the resulting group of numbers on a manual typewriter using 2 part blank forms, or carbon paper (if you can find it these days!). It isn’t as laborious as it sounds, and while it does take time to build up a decent amount of key material, you have to weigh that inconvenience against the consequences of having your messages read at some point in the future.
January 25, 2012, 8:05 am
SF Alpha Geek says:
I’m curious – Is anyone aware of an analogous pre-computer case where a defendant was compelled to produce the cipherkey (or plaintext) for a manually encrypted document or set of documents?
January 25, 2012, 8:10 am
RT says:
They’ve already mirrored the drive, so they have a copy.
What would be better would be a password that opens a separate encrypted locker that has files that are completely innocuous.
January 25, 2012, 8:12 am
Bill Twist says:
I think you can. If you generate a password that is 100+ random characters long, and you only keep one written copy of it which you destroy at the first sign of trouble (maybe write it in water soluble ink on a scrap of paper that you can easily swallow).
Judge asks you to reveal the password. You explain that you can’t, because prior to his asking, indeed, prior to you being arrested, you destroyed it. It’s gone forever, and by design it was too long and complex to be remembered, and no amount of jail time is going to change that.
It’s like if you dropped the only key to a practically impenetrable safe in the middle of the Atlantic. Judge can’t compel you to provide the key because it is impossible. You haven’t destroyed evidence, either, because it is still sitting there in the safe, or in encrypted form, waiting for the police to get access to it.
I’m obviously not a lawyer, but it seems to me that would be a rather interesting conundrum for the court to work out.
January 25, 2012, 8:14 am
Maus says:
You’re confusing a software wrapper/library that manages the encryption/decryption protocol with the file itself. Your misunderstanding has you claiming that a lawyer is a wrapper for legal documents. Same diff, though I’d love to see a jurist drop trou when asked to decrypt a judicial opinion into English.
More importantly, what’s to have them not toss you away for contempt because you won’t “decrypt” the entropy pool you generated from /dev/random?
January 25, 2012, 8:16 am
Stephen Lathrop says:
Prosecutorial absolutists here are ignoring one point. The Fifth Amendment was not enacted to prevent the government from getting information to which it is not otherwise entitled. Quite the contrary. The Fifth is intended precisely to prevent the government from using prohibited means for getting information to which it is entitled. Repeated assertions that the government is entitled to the information do nothing to address the question of a Fifth Amendment defense.
If someone catches you with an encrypted message, they may resort to torture to get you to divulge the key. If they invade your business with a warrant, to get a plain text document from your safe, there is no need for torture. They can break into the safe. That is the difference.
January 25, 2012, 8:26 am
GruffBear says:
IANAL, so would someone WIAL tell me: Wasn’t the intent of the 5th Amendment right to not self-incriminate actually intended as a firewall against torture?
So, if a witness’ obduracy at revealing a password isn’t protected, what stops a law enforcement agency from torturing the witness to get it? Or, what prevents them from performing a “non-torture” coercive technique on the witness, such as waterboarding?
January 25, 2012, 8:32 am
CaseyK says:
Because they literally need her to *produce* the document. That is, the government isn’t asking her to turn over something that exists, but is ordering her to produce something that does not yet exist. Here’s another hypothetical: Say the government has a lawful wiretap of a conversation, but the quality is very poor and they cannot produce a written transcript they have confidence in. Or perhaps they have one, but they’re afraid the Defendant will argue that the transcript is unreliable. Can they compel the Defendant to listen to the low-quality tape and create and provide to them a certified, accurate transcript of the conversation that would be admissible in Court? Say it’s a foregone conclusion that the Defendant was a party to the conversation and remembers it. Can they foreclose the Defendant’s ability to argue the transcript is inaccurate by compelling him to correct and certify it?
So they would need to request specific documents right? They can’t just say produce the contents of the hard drive, can they?
January 25, 2012, 8:43 am
Sardonic_sob says:
It would be very simple to use commercially-available and extremely common RSA authentication generators to do this. (Blizzard, makers of the hugely popular “World of Warcraft,” have sold hundreds of thousands if not millions of these things: they’re also used by PayPal.)
They’d have to be twiddled a bit from their current model, but it’s only a matter of changing the programming. Long story short, if I think I’m in a situation where I might be compelled to release the file, I destroy the generator. *IF* they knew I’d used a generator, they could a) go after me for spoliation by whatever name, and b) try to figure out the generator’s generation algorithm and recreate it. The first is easy, the second could be anything from easy to impossible. But if they don’t, that’s that. I tell them the last password I used, it won’t work, and nothing and nobody can do anything about it.
The main risk with these, by the way, is that they use a clock to determine what the “right now” authentication is, one in the generator, and one in the authenticating software. According to Blizzard, occasionally the clocks can get out of sync to the point where the generated authentication doesn’t match what the authenticating software thinks it should be. When that happens… you buy a new authenticator and hope the administrator of the system has the power to remove the authentication requirement so it can be reset to your new one. (Blizzard, obviously, does have this power.)
January 25, 2012, 8:49 am
Joel says:
I think the point here is not the key, it’s the deniability. “I wrote my 60 character password in the dust on my PC, the cops messed it up when they took my stuff.”
January 25, 2012, 8:53 am
Now what? Contempt?
Sardonic_sob says:
Um, if they were to actually SAY this, I don’t think it would go over well. Persons, both natural and corporate, have the right to dispose of their property as they see fit so long as that disposition isn’t itself unlawful. (E.G. some regulations require the retention of records related to regulated activities for a prescribed period.)
If the ONLY reason to do it is to avoid having to provide evidence, plaintiff’s attorney will have lots of fun with that. If they do it to avoid cluttering up the office with paper or the servers with data, fine and dandy. If it makes plaintiff’s job harder, well, that’s life. As noted, the key is a consistent and consistently enforced policy.
January 25, 2012, 8:54 am
Sardonic_sob says:
Too true. Movie plots aside, any reasonably technically savvy person WHO ISN’T LAZY can secure digital data to the point where for all practical purposes, it’s not retrievable by anybody else, and can make such failure of retrieval look like an accident. The key is not to get lazy – don’t reuse passwords or encryption keys, don’t wait to batch encrypt things, etc, etc.
While there’s no real limit on how many hoops you can make somebody jump through to access data, I’ve always been fond of the “three things” philosophy: to prove you’re you, or to access something that’s supposed to be secure, you should have to provide three things. These are usually stated as, “Something you know, something you have, and something you are.”
As an example, if I were to install World of Warcraft on my work computer (which I would never do) you would have to have all three to access it: Something I know (my Warcraft login,) something I have (my Blizzard-provided RSA authentication generator,) and something I am (my fingerprint: my work computer is biometrically secured.)
January 25, 2012, 9:04 am
ShelbyC says:
Uh, no. I’m not much of a criminal, I only commit three felonies a day. And I’m not one of the folks trying to come up with ways that people can lie and conceal information from the police. But the legal distinction at issue here is whether or not the government is requiring communicative conduct from the accused that will incriminate him or her.
If the prosecutors and judges are so smart, they should drop the inapt metaphors. In these cases, the government is saying that they are unable to complete their searches because they are unable to access information on the hard drive. But this is just false. The cops have access to all the information that the defendant has access to.
If the judges want to explain why it doesn’t violate the 5th amendment to force the defendant to tell the police how to interpret the data, as opposed to how to access the data, they are free to do so. But if they’re just going to use “access” as a metaphor for “interpret” in a way that makes it seem like they don’t understand the difference, people who do understand the difference should call them on it.
January 25, 2012, 9:11 am
ShelbyC says:
To use a different analogy, what’s going on here is like the judge saying, “your honor, because the accused won’t tell me where he was on March 23, it’s as if his location is written in a document locked in a safe that only he knows the combination to”
And the judge says, “I order you to produce the document locked in the metaphorical safe that the prosecutor describes.”
January 25, 2012, 9:16 am
ShelbyC says:
Suppose I encrypt the data twice. If I decrypt it once, have I complied with the judge’s order? Or am I compelled to reveal what the data was before I altered it originally?
January 25, 2012, 9:26 am
SeaDrive says:
Because the only incriminating message of being forced to decrypt the password — that the suspect has control over the computer — is already known,…
Who determines what is known, and what is not?
January 25, 2012, 9:39 am
ShelbyC says:
Let me try a different approach. How can a copy of a document, not the original, ever be evidence of anything in a way that’s distinct from the communicative aspect of the production of the document?
January 25, 2012, 9:43 am
ShelbyC says:
No, not in the same way at all. In the former, the document is sitting unaltered in the safe, and in the latter, the government needs me to alter information that it already has in its possession to get it back to the state it was before I altered it?
How can I be asked to produce a “true and correct copy” of a document when I don’t possess the original, and the government already possesses the only copy?
January 25, 2012, 10:06 am
Joe says:
Nik, it doesn’t matter. I will know you are using TrueCrypt and once you decrypt the first level (and if you can’t do that, then having the “hidden” volume is pointless), I can calculate how much space should be available. If it isn’t, I know there is a hidden volume and/or data. For TrueCrypt (or any encryption) to work, there still must be some organization, some way for that program to identify what it needs to deal with. In other words, the media is still organized at a level the operating system is aware of to enough of an extent as to determine there is data being used. There are workarounds, but none of them practical.
A rough analogy is having an item with a hidden compartment. To a casual observer, the illusion may be complete, but once you have physical access to the item, measurements will quickly reveal the presence of a hidden compartment.
The big lesson is that once you have physical access, security drops precipitously (to the point where if you don’t encrypt your data with a very long, obscure key, you should assume you have no security at all. In this case, I’ll wager the password is breakable through simple brute force methods–I’ve tried some password cracking programs and was rather surprised at how good they were, even for what I thought were obscure passwords.)
January 25, 2012, 10:16 am
OrenWithAnE says:
Think about a shredded document. How can you tell (without knowing anything at all about how the shredder operates) whether someone has given you the properly assembled version?
Nothing. There is also nothing that stops the court from punishing a perjurer for lying.
The Fifth Amendment doesn’t cover “information” at all. It’s an interesting thought experiment to see what sort of corporate malfeasance could be rendered entirely unpunishable by substituting in the word information …
The document is sitting right there under the encryption layer, in its perfect and unaltered state — heck, it’s probably even checksummed!
By your reasoning, every transformation somehow “erases” its input data — so if I take a file and then put it in an archive, I can’t say “this file exists in such-and-such archive” or if I encode it with base64, I can’t say “the file exists in base64 encoding”.
The government here was going to give the drive back. At that point it becomes possible for the defendant to produce the document.
January 25, 2012, 10:24 am
NAME REDACTED says:
Um, they do. Ask any accounting firm. They have massive shredding days, or hire companies to do document disposal. The entire purpose of which is to destroy incriminating evidence as… they know they are likely guilty of something they just don’t know what. (i.e.: Three Felonies a Day)
January 25, 2012, 10:26 am
Gary Britt says:
I understand your point about the physical differences between paper documents in a safe and encrypted electronic documents. My point however is that those physical differences are substantively irrelevant to how the law should be applied. Substantively (yes not physically but substantively) encryption is a virtual safe wrapped around electronic documents. Whatever the law is as it applies to paper documents inside a real safe should be the same law for electronic documents inside a virtual safe (encryption). I don’t agree it’s akin to creation of something that doesn’t exist. In substance (if not in physical bit format on the hard disk) the clear text documents already exist and are contained inside the electronic virtual safe of encryption.
Gary
January 25, 2012, 10:38 am
Bill Johnson says:
Man, lawyers have such trouble with the English language. Clear statements like the first, second, fourth and fifth amendments to our constitution are understandable by nearly anyone with a high school education.
It takes a lawyer to warp those words into what they are not. And that’s one fundamental problem I have with our legal system today.
January 25, 2012, 10:38 am
Rick Boatright says:
The formatting thing doesn’t help. If they seized the computer, the first thing they did was a track by track bit for bit copy of the drive.
It seems to me that this is turning on a simple distinction between a 4th and 5th amendment issue.
If you have a vault containing your secret files, a 4th amendment search order can result in your being ordered to open the vault. Refusing to give them the combination results in the locksmith opening it, or trying to.
Even if the vault has flame throwers that destroy the contents if it’s not opened with the right code, I’m not sure that I understand how being ordered to give over the combination to the vault, or the password, is a fifth amendment protected speech. It really looks more like standing in front of the door to the file room blocking the entrance and saying “no, no I don’t care if you have a warrant, you can’t go in there.”
It’s not self-incrimination speech, it’s agreeing to a 4th amendment warrant search. You don’t have to LIKE the search, the search may inevitably lead to your conviction, but your fifth amendment rights don’t trump the search warrant.
January 25, 2012, 10:39 am
htom says:
There is no way to prevent your setting up a TrueCrypt volume inside another TrueCrypt volume.
Volume (public, secret (public, secret (public, ….]
While there’s talk of wrapping something in encryption, that’s talk, not reality (at least if the encryption is properly done.)
If criminals communicate in code, rather than cypher (think WW2 and the code-talkers), can the court compel someone to translate a recording or writing of such communications?
January 25, 2012, 10:48 am
disintelligentsia says:
Are there any cases directly on point where someone, say like Capone’s accountant, used a cypher to encode his or his boss’s records and the court compelled the production of the cypher over 5th amendment objections? Computer encryption is the same, the only difference is the first was done mechanistically by hand and the other mechanistically by computer. Both require slavish adherence to the cypher for the encoding and decoding to work and the most important differences between them are of no legal significance (speed of encoding and decoding and mathematical strength of the underlying cypher algorithm).
January 25, 2012, 10:53 am
Stephen Lathrop says:
I’m fine with different legal standards for getting potentially incriminating information from corporations than from natural persons. You can’t torture a corporation, so I don’t see why you would need to give it Fifth Amendment protection. Officers and employees obviously have to be treated as natural persons, but the corporation itself, not at all.
I’m also not impressed with the argument that if you can’t compel decryption, corporations will be free to run riot and hide their malfeasance. The smallest ones, maybe. The others involve too many real people, who may have reason to say what they know. Once the fat is in the fire, a corporation is not going to get away with selectively choosing documents from an encrypted archive to defend itself, but selectively concealing other documents that would prove incriminating.
January 25, 2012, 10:55 am
Ellen says:
What he said. In less elegant terms, if the government really WANTS some certain info, it becomes “Screw the Fourth and Fifth Amendments. Bend over and spread your cheeks.”
January 25, 2012, 10:58 am
jr says:
I really don’t understand this opinion. How is it different than a case where the individual knows the location of evidence that would incriminate him and refuses to disclose it on the grounds that it would incriminate him? How can one be compelled to give information that he knows would lead to incriminating information? Aren’t the courts destroying the privilege against self-incrimination just because a computer is involved?
January 25, 2012, 11:12 am
Is it a Fifth Amendment Issue? - The Chop Shop says:
[...] Orin Kerr has more thoughts about this case here. [...]
January 25, 2012, 11:17 am
Timothy A. Jumonville says:
You mean to tell me that since it was a “foregone conclusion” that Bonnie and Clyde robbed banks, they had no 5th amendment rights to say nothing?
Isn’t that the same thing as is being said here?
Note: I’m not a lawyer or even close, just a guy who considers himself to be relatively intelligent.
January 25, 2012, 11:26 am
Crafty Hunter says:
I’m enraged by the thought that an arrogant federal judge believes he has the right to dump semantic diarrhea all over the Constitution in the process of forcing a U.S. citizen at gunpoint to violate her fundamental right to not testify against herself. That the defendant appears to be the usual unsympathetic character is irrelevant.
David Schwartz’s and ShelbyC’s posts on the matter have been excellent. The government is indeed claiming the right to force a defendant to produce additional information over and above what the government already possesses, by transforming one set of information into another set of information that did not exist before the transformation, notwithstanding the game-playing with trying to redefine the plain meaning of testimony from the contents of the mind of a defendant into “producing a key”.
For that matter, the entire concept of forcing a defendant to “produce a key” is deeply flawed with which to begin. By definition, the defendant must exercise the contents of his or her mind to perform any action at all; this is exactly what is protected by the concept of not allowing government thugs to violently terrorize helpless prisoners into performing like trained monkeys. The defendant has a basic human right to simply go limp and refuse to aid the thugs in their quest to obtain evidence that the thugs want to use to hurt the defendant.
Also, I’m not sure if this has come up, but what about the case in which the defendant simply refuses to say *anything* to the court? Note that this is total silence in the face of interrogation, which is supposedly a right that cannot be abrogated under any circumstances. How does the judge justify tossing the client into jail indefinitely for refusing to testify as to *anything*?
The entire affair is utterly disgusting.
January 25, 2012, 11:27 am
Robert says:
Does a defendant have to disclose his whereabouts at the time of the alleged crime? If not, then I would argue that since computer files have “created” and “modified” time-date details, then providing the password to these encrypted files would be tantamount to providing the government with defendant’s whereabouts at the time of the alleged crime.
January 25, 2012, 11:37 am
Nik Bougalis says:
Again, you fundamentally misunderstand how TrueCrypt hidden volumes work. Even if the “non-hidden volume” is mounted, there is no indication that a hidden volume exists. That’s by design.
The TrueCrypt pages explain how this happens in detail, and in relatively easy to understand language. You may wish to read them quickly, since explaining it here is probably slightly off-topic.
January 25, 2012, 11:40 am
Troll Feeder says:
The mush that I have discovered is meaningless without knowledge that exists nowhere but in your brain.
You must give me the information that exists only in your brain so that I can turn this mush into something with which I can successfully prosecute you.
Not so, fraulein?
January 25, 2012, 11:42 am
Crafty Hunter says:
I’m enraged by the thought that an arrogant federal judge believes he has the right to dump semantic diarrhea all over the Constitution in the process of forcing a U.S. citizen at gunpoint to violate her fundamental right to not testify against herself. That the defendant appears to be the usual unsympathetic character is irrelevant.
David Schwartz’s and ShelbyC’s posts on the matter have been excellent. The government is indeed claiming the right to force a defendant to produce additional information over and above what the government already possesses, by transforming one set of information into another set of information that did not exist before the transformation, notwithstanding the game-playing with trying to redefine the plain meaning of testimony from the contents of the mind of a defendant into “producing a key”.
For that matter, the entire concept of forcing a defendant to “produce a key” is deeply flawed with which to begin. By definition, the defendant must exercise the contents of his or her mind to perform any action at all; this is exactly what is protected by the concept of not allowing government thugs to violently terrorize helpless prisoners into performing like trained monkeys. The defendant has a basic human right to simply go limp and refuse to aid the thugs in their quest to obtain evidence that the thugs want to use to hurt the defendant.
Also, I’m not sure if this has come up, but what about the case in which the defendant simply refuses to say *anything* to the court? Note that this is total silence in the face of interrogation, which is supposedly a right that cannot be abrogated under any circumstances. How does the judge justify tossing the defendant into jail indefinitely for refusing to offer testimony about *anything*?
The entire affair is utterly disgusting.
January 25, 2012, 11:42 am
Kevin M says:
TrueCrypt does exactly this. It can be set up with an outer encrypted area and an inner (more secure one). One encrypted volume lies within the other and is indistinguishable from unused area in the outer volume (the software otherwise fills unused areas with random numbers).
To access the data there are two passwords which mount the alternate areas. A person would hide the really secret data in the inner volume, and fill the outer volume with plausibly secret data. If forced to reveal a password, you reveal the outer one.
Even if a court believes that there exists an inner volume, there is no way to prove that from the disk contents and since this is an optional use of the software, it is quite deniable.
TrueCrypt is a free download.
January 25, 2012, 11:51 am
Jarbidge says:
That’s not how it works IMHE. If I create a standard 2Gb volume that contains a 1Gb hidden volume, mounting with the standard password produces a 2Gb volume into which you can indeed write 2G of data. Doing so will simply overwrite the hidden volume.
There are a lot of potential leaks outside of truecrypt, as mentioned above, but it’s not like you mount the standard 2Gb volume and it says ’1Gb available’.
January 25, 2012, 11:54 am
What I Think says:
This is what happens when you let someone else do your reading for you.
The Fifth Amendment bars the federals from compelling the People to witness against themselves. Clear, easy to understand.
What’s happening here is that 1) The accused is not one of We, the People, but rather a “person, subject to the jurisdiction”, 2) this artificial person does not have recourse to the original ten Amendments, and 3) the 14th doesn’t bestow that particular immunity.
But that’s not what you were told to think, is it?
January 25, 2012, 12:00 pm
forensics_yes_i_do says:
Not with Ironkey. You can’t copy it. That’s the benefit of a hardware solution over software like TrueCrypt.
January 25, 2012, 12:01 pm
Disappointing Ruling in Compelled Laptop Decryption Case | Electronic Frontier Foundation says:
[...] Professor Orin Kerr has more thoughts about this case here. [...]
January 25, 2012, 12:06 pm
Kevin M says:
Actually, the outer volume has write access to the entire space. One must be careful not to write so much data as to overwrite the “free space” sectors actually containing the inner volume and its file structure. Since the outer volume is not actually used for anything but the plausibly-secret content (such as legal porn), and is only written to at setup, the actual user is in little danger of doing this. A policeman attempting what you suggest would likely destroy the inner volume eventually, but that’s not the suspect’s problem.
January 25, 2012, 12:08 pm
a leap at the wheel says:
“The document is sitting right there under the encryption layer, in its perfect and unaltered state”
This is both conceptually and technically incorrect.
January 25, 2012, 12:14 pm
An Observation says:
Let us assume that you had a piece of paper in plain sight which the police found while executing a search warrant. The paper had the following on it:
EATOIN SHURDLU QWRTYUIOP ASDFGHJKL; ZXCVBNM,./
The police overhear your jail house conversation that the above contains encrypted evidence of a crime.
Can a judge force you to decrypt the piece of paper? What if you were lying in your jail house conversation?
OrenWithAnE, this is precisely and exactly the case in discussion; it matters not how the paper is encrypted – whether by hand, machine, or not at all – nor does it matter if it is physical paper or bits in a computer.
This case is a 9-0 loser for the prosecution in the Supreme Court.
January 25, 2012, 12:17 pm
ShelbyC says:
I’m still not sure how providing a copy of a document where the original doesn’t exist can ever have any value outside of the communicative aspect of the production. It could be that, in this particular case, the grant of immunity is effectively a grant of immunity for anything found on the hard drive. Suppose she produces the encrypted contents of the hard drive, and it contains contraband images. Then what?
January 25, 2012, 12:26 pm
SF Alpha Geek says:
That’s not how it works at all – there is no “hidden compartment” in the outer volume. The inner volume is indistinguishable from (and part of) the free space in the outer volume. You can, in fact, inadvertently destroy the inner volume by adding files to the outer volume.
January 25, 2012, 12:30 pm
Ispep Teid says:
Judges and juries.
January 25, 2012, 12:52 pm
Sebeliuos says:
Won’t work. They will image the drive before trying to recover any data.
What does work is using a “duress” password. TrueCrypt offers this. They enter the duress password and get junk files. Go do your job next time, pigs.
January 25, 2012, 12:55 pm
Mike P Wagner says:
Embedded software is software. If the bits are stored, they can be retrieved.
January 25, 2012, 1:07 pm
SF Alpha Geek says:
Interesting – I hadn’t considered that before. I just tried to copy one w/ Encase and I couldn’t, so it might be possible to actually use the Ironkey data wipe capability on the live device under duress (under the guise of having forgotten the correct password.)
What would be really nice would be a hardware solution like Ironkey that implemented an optional inner / outer volume solution – even better would be a device that had one password for the inner volume, one password for the outer volume, and one password that said open the outer volume and wipe the inner one.
January 25, 2012, 1:15 pm
Mike P Wagner says:
Embedded software is software. If the bits are stored, they can be retrieved.
January 25, 2012, 1:16 pm
SF Alpha Geek says:
Interesting – I hadn’t considered that before. I just tried to copy one w/ Encase and I couldn’t, so it might be possible to actually use the Ironkey data wipe capability on the live device under duress (under the guise of having forgotten the correct password.)
What would be really nice would be a hardware solution like Ironkey that implemented an optional inner / outer volume solution – even better would be a device that had one password for the inner volume, one password for the outer volume, and one password that said open the outer volume and wipe the inner one.
January 25, 2012, 1:20 pm
Coloradan says:
1. Colorado has spectacularly bad judges.
2. If the issue is a “foregone conclusion” then why does the prosecutor need the files at all? The very phrase implies that the issue has already been proven. And, of course, if it hasn’t been proven, then how is this not self-incrimination?
3. Beware biometric passwords! The judge probably can’t force you to disclose a password (am eager to see this case appealed) but he or she most certainly can force you to sit still while the computer reads your iris.
January 25, 2012, 1:22 pm
Carol Herman says:
Sunlight!
The judge is saying “he is the highest authority.”
But, he isn’t!
The 5th Amendment will TRUMP!
What can the judge do? Have Fricosu tossed in jail?
NOW? Sorry, but there’s sunlight coming through the window.
I’ll give odds that Fricosu does NOT produce the key!
Sure. The judge can toss the lady into jail. But does he want to get sunburned?
January 25, 2012, 1:29 pm
Carol Herman says:
Didn’t the Supremes just rule UNANIMOUSLY, that cops need a warrant to stick a GPS device on your car?
What’s a warrant? It’s a piece of paper some cop needs to get a judge to sign. And, so far, even though rubber stamp technology is well known … (Unlike mortgages you can robo-sign) … there’s no market for falsifying a judge’s signature.
As to the judge in the Fricosu case … he’s human. So, I’m just gonna guess here … that colleagues are jamming his phone lines with advice.
What kind of advice might work now for the prosecutors in the Fricosu case? DON’T GET COCKY.
January 25, 2012, 1:37 pm
ShelbyC says:
Calling it a virtual safe doesn’t make it a safe, substantively or in any other sense. The problem for the government is that the documents don’t exist, but they are mathematically derivable from data that does exist if the defendant provides additional data. But how do we know that the encrypted copy that the defendant provides are really copies of what is on the hard drive? She has to say that they are, that’s the only way we know.
January 25, 2012, 1:43 pm
John A. Fleming says:
There’s another angle to this case, from reading the document. The police are ordered to give her a true copy of the disk drive. She requested it for discovery.
It might be that she (and her lawyer) wants access to the disk to recover exonerating evidence, to get this case closed. The judge is saying, sure, but if you get to recover the unencrypted contents, you’re also required to give the same data to the police.
Her lawyer’s gonna be pissed when she can’t remember the password.
January 25, 2012, 1:50 pm
htom says:
Further, if she -does- divulge the password, there is no way for her to know that someone has not tampered with the contents of the hard drive.
Hypothetical:
Sam is accused of having evidence of crime X encrypted on his computer. He eventually provides a password; the decrypted information is personal but not the proof the government claims was there. Further confinement produces another password. Other, embarrassing information is revealed, but still not the desired proof. Sam remains confined; his lawyers object, demanding a trial on the evidence that the government claimed already exists. Government claims the evidence is in the hard drive.
How long does Sam have to wait in jail?
January 25, 2012, 1:54 pm
arch1 says:
ShelbyC:
“Well, I don’t see a difference, and nobody has been able to supply one, so I don’t know.”
I think I now see one difference; maybe you can comment on its salience in a 5th amendment context-
With David Schwartz’s scenario (in which the defendant is required to supply the purported translations of codewords – “package” means “illegal drugs,” etc.), there’s at least a theoretical possibility that the translations have been govt-fabricated and forcibly elicited from the defendant.
With the decryption key scenario, it seems much harder for the govt to fabricate the allegedly-resulting cleartext (and riskier too, since it’s much easier for a vigilant defense to prove any such fabrication).
January 25, 2012, 1:55 pm
Carol Herman says:
Nope, I’m not a lawyer. But I love to read. And, I prefer history and biographies. So, I know, we’ve had some top notch jurists up on our Supreme Court.
Today’s ruling (if you’ve seen it, already) has to do with the Second Amendment’s GUARANTIES … And, the snippet. Or money quote goes back to an opinion crafted by Justice Harlan. In 1967.
Can you pass a Bar Exam without knowing this?
The “reasonable expectation of privacy” test flowed from a Justice Harlan concurring opinion in Katz v. United States, 389 U.S. 347 (1967).
January 25, 2012, 1:57 pm
SeaDrive says:
Not juries. This is a pre-trial matter. The judge has decided that the evidence shows that suspect owns the computer. But the judge could be wrong, at least hypothetically, and that could lead to a witch-floating scenario. Suspect doesn’t know and can’t reveal the password, goes to jail, or suspect does know and does reveal the password, goes to jail.
January 25, 2012, 2:00 pm
David Schwartz says:
Should the law as it applies to paper documents inside a real safe be the same as the law for documents inside the virtual safe of the human brain? If you accept this kind of reasoning, all that will be left of the Fifth Amendment is production immunity and police will be able to coerce evidence that leads them to admissible evidence. If you can coerce information out of a person, it must have been in the virtual safe of their brain all along, right?
January 25, 2012, 2:05 pm
Dave says:
What if a person didn’t memorize the password, but wrote it down. But they kept the written copy in a safety deposit box in a country with no extradition? Upon being ordered by the court to decrypt, they’d have to leave the jurisdiction to comply.
January 25, 2012, 2:24 pm
Gary Britt says:
We disagree. Its function or purpose is exactly the same as a safe. The function or purpose of a safe is to limit access to something that already exists. The function or purpose of encryption is to limit access to something that already exists. If it didn’t already exist then no safe or encryption would be needed.
You are wrong that the documents don’t exist. Clearly they do or there would be nothing to encrypt. The mathematical formula stuff and how bits are arranged on the hard drive are merely describing how the combination lock on the virtual safe works. Doesn’t take away from the substance that the documents are inside beyond the combination to the virtual safe. Just like in a real safe.
Her requirement to say the copies are the same as what is in the safe is exactly the same for a real safe and paper documents and a virtual safe with electronic documents.
Gary
January 25, 2012, 2:37 pm
OrenWithAnE says:
@Rick Boatright, I think Crunchy Frog’s point wasn’t that you have a right to refuse to comply with a lawful warrant or order, only that in many cases it might be preferable to refuse to comply and face the penalties for contempt or obstruction.
Right, and so you couldn’t compel Gates to provide the decrypted version of the emails in my hypothetical in which he personally controls the private key of which the public pair is used to encrypt all email archives?!
The court ordered the production of the documents, not the metadata. Nor did they order the production of the password itself.
Give me a few IronKeys to test on, a scope and a soldering iron and I’ll make you a bitwise copy of the flash in time for dinner. Decrypting it is a different matter, but yanking flash out of a plastic enclosure is child’s play.
For whatever reason, we’ve chosen to give significantly more protection to the testimony that comes out of a brain than to the physical evidence that comes out of a computer. That’s the distinction we’ve made …
January 25, 2012, 2:39 pm
David M. Nieporent says:
No.
See Orin’s post from Monday.
January 25, 2012, 2:42 pm
Gary Britt says:
Interesting to a point, but really just a strawman. The brain and memory aren’t documents, electronic, biological, or paper. Knowledge and memory inside a human brain are not exact, unchangeable things like documents whether paper or electronic.
Another related point would be what is the protection of the 5th amendment designed to protect? Torture or coercion to obtain testimonial evidence – correct? What if a machine is invented that can read memories and knowledge from a person’s brain?? Reading such information from a person’s brain would certainly be a search, but is it coerced testimonial evidence?
Certainly the argument could be made that it’s no more a violation of the 5th amendment than forcing someone to give a blood sample.
The 5th amendment doesn’t protect knowledge and information it protects getting testimonial information and knowledge from an accused through coercion and torture. Brain reading wouldn’t necessarily be coercion and torture, just a search requiring a warrant?
Interesting questions to which I don’t know the answers I’m sure.
Gary
January 25, 2012, 2:52 pm
John A. Fleming says:
I think my comments are being lost again, so I’ll reiterate:
January 25, 2012, 2:53 pm
From reading the document:
1. There may be less to this case than warrants all the Sturm und Drang above.
a) the lady (and her lawyer) want the disk back for discovery, presumably to recover exonerating evidence,
b) the Judge rightly says, both you and the police get the same evidence.
c) so he orders the police to give a copy of the encrypted disk to the lady, and the lady to give an unencrypted copy to the police.
2. Her lawyer’s gonna be pissed when she can’t remember the password.
3. The Judge needlessly made a Federal constitutional case out of a simple discovery issue.
a) She’s not being compelled to testify against herself.
4. Since ianactl, I have no certain knowledge if the defendant can be required to share exonerating evidence before trial, so We the People don’t waste the Public Purse on a needless trial.
OrenWithAnE says:
At the level of abstraction that the court operates, that’s equivalent to “the documents exist and can be provided to the court by the defendant, if she chooses”. Passing a document through a reversible filter doesn’t destroy it — that’s precisely the point of the filter being reversible. For instance, would you say the following are accurate:
(1) I had a document, but then I base64 encoded it and deleted the original, so the document no longer exists.
(2) I had a document, but then I tared (archived) it and deleted the original, so the document no longer exists.
(3) I had a document, but then I bzip2ed (compressed) it and deleted the original, so the document no longer exists.
(4) I had a document, but I ciphered it with AES-ECB (just for simplicity, no one uses ECB) and remembered the key, so the original document no longer exists.
All 4 of those are absurd. Transforming a document with a reversible filter does not destroy the document, any more than scanning a paper document to PDF (or printing a PDF onto a dead tree) destroys the document. This smacks of inability to grok the information/representation distinction that was hammered (apparently not hard enough) into all of us in information theory. If it can be translated back to plaintext, it exists, pure and simple (note that the court isn’t asking for some ontological “original document”, only a true copy that contains the same information — if you want to be pedantic and say that base64ing some data destroys it but then recreates a different set of data that happens to be exactly identical, I suppose I’ll humor you…)
No court will buy any of this nonsense (and to the gentleman that suggests this was a 9-0 in the Supreme Court, I’ll bet $10,000 that this is not the case, push if the Court doesn’t hear the merits for whatever reason).
January 25, 2012, 3:03 pm
David Schwartz says:
I think the problem is quite fundamental — if she has production immunity, how can they establish that what she provided them is in fact the decrypted contents of the hard drive?
Say she provides what she says is the decrypted contents, but with production immunity. Say it contains evidence of a crime. They try to admit that evidence in Court in a case against her. Her lawyer says, “What admissible evidence do you have that these files were on my client’s hard drive? What admissible evidence do you have that these files weren’t just manufactured?”
The only chain of custody for this evidence is the very thing that’s not supposed to be admissible, right?
January 25, 2012, 3:05 pm
ShelbyC says:
It does take away from that. The mathematical formula stuff is important because not all the information that was in the unencrypted documents is in the “virtual safe”. Key parts of the documents have been removed and are stored in the defendant’s brain. This is what makes the combination lock analogy inapplicable, and David’s “the package” and “the mark” analogy applicable. This is also what makes an encryption key different from a password. If the cops were demanding a password, the safe analogy would be applicable.
What makes it substantively different is that there is no value in providing unencrypted copies of the hard drive outside of the communicative aspect of the production. If, for example, I open a safe and there is an illegal image in the safe, that image is evidence of a crime. But if I produce an image that is a copy of an encrypted file on my hard drive (or if I produce a copy of the image in a physical safe, for that matter), that is evidence of what, exactly, outside of the communicative aspect of the production?
January 25, 2012, 3:14 pm
ShelbyC says:
Agreed. The prosecutor hands incriminating documents to the jury, and says what?
January 25, 2012, 3:25 pm
htom says:
The prosecution presents the following, recovered from the defendant’s hard drive:
“ETAON RISHD LFCMU GYPWB VKXJQ Z”
and claims they have discovered that when decrypted this will say “I feel so bad we killed Harry.”
The accused denies this, and is eventually compelled to decrypt the message; and the defense claims it says “Aha! Sharon loved Theodore.”
The accused is then charged with perjury, for falsely decrypting the message.
This whole mess is really wandering into “Prove that you are innocent” territory.
January 25, 2012, 3:36 pm
David M. Nieporent says:
In one case, you type some characters into a machine, and it spits out the document you had put there. In the other case, you… type some characters into a machine, and it spits out the document you had put there.
In either case, the only bit of incriminating information you’re forced to provide is the fact that you know the relevant characters to type into the machine. And the government cannot use that against you.
January 25, 2012, 3:49 pm
David M. Nieporent says:
“These documents were on her computer.” (Or, rather, a witness says that; the prosecutor can’t testify.)
January 25, 2012, 3:51 pm
ShelbyC says:
Agree that if you encode a document it exists, and you can be compelled to produce it. (though I don’t think you can be compelled to say that it was, say, ascii before you encoded it) But if you only encode part of the document and destroy the rest, only part of it exists, and you can’t be compelled to produce the whole document, even if you remember the missing parts.
And when you encrypt a document and store the key in your brain, that’s what you do. Only part of the representation of the information exists, the rest has to be provided by the defendant’s testimony.
January 25, 2012, 4:35 pm
ShelbyC says:
But the only witness that can testify to that is the defendant.
January 25, 2012, 4:53 pm
OrenWithAnE says:
Sure, I’d call all that metadata which isn’t covered by the request for a copy of the original document.
Agreed.
No, the ciphertext is the whole thing. The key is only part of the translation that converts one (encrypted) representation into another (plaintext) representation. The government cannot compel you to testify as to what the key is but they can compel you to provide the plaintext representation.
January 25, 2012, 4:55 pm
Art says:
The issue is that the clear text document does not exist. They are requiring you to create a record that does not currently exist.
How is forcing someone to create evidence not compelling testimony?
Art
January 25, 2012, 4:56 pm
ShelbyC says:
Well, no. In one case, you type in some characters and are granted or refused access (like a safe). In the other, at least in the case of pure encryption without an authentication mechanism, you type in some characters and a bunch of data comes out that may or may not be what you put in, depending on whether or not you type in the key you used during encryption. The reason that the government can’t read the document is because they don’t have all of it, the document is the encrypted data plus the key.
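An added illustration, not part of any commenter's post, of the technical distinction argued in this exchange: keyless reversible filters (base64, bzip2) versus keyed encryption, and encryption with versus without an authentication mechanism. The stream cipher below is a toy built from SHA-256 as a stand-in for AES; the function names, passphrases and sample document are constructed for the example.

```python
import base64
import bz2
import hashlib
import hmac
import os

SALT_LEN, TAG_LEN = 16, 32


def _keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive an encryption key and a separate MAC key from the passphrase."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=64)
    return material[:32], material[32:]


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter). Stand-in for AES."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def keyless_round_trip(document: bytes) -> bool:
    """base64 and bzip2 are reversible by anyone: no secret is involved."""
    return (base64.b64decode(base64.b64encode(document)) == document
            and bz2.decompress(bz2.compress(document)) == document)


def seal(passphrase: str, document: bytes) -> bytes:
    """Encrypt, then append an HMAC tag. Layout: salt | ciphertext | tag."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _keys(passphrase, salt)
    ciphertext = _keystream_xor(enc_key, document)
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def open_unauthenticated(passphrase: str, blob: bytes) -> bytes:
    """Ignore the tag: every passphrase yields bytes of the right length."""
    salt, ciphertext = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN]
    enc_key, _ = _keys(passphrase, salt)
    return _keystream_xor(enc_key, ciphertext)


def open_authenticated(passphrase: str, blob: bytes) -> bytes:
    """Check the tag first: a wrong passphrase or altered blob is rejected."""
    salt, ciphertext, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong passphrase or modified data")
    return _keystream_xor(enc_key, ciphertext)


if __name__ == "__main__":
    doc = b"constructed sample document for the example\n"
    blob = seal("correct horse", doc)
    print("keyless filters reverse without a secret:", keyless_round_trip(doc))
    print("right passphrase recovers document:",
          open_unauthenticated("correct horse", blob) == doc)
    print("wrong passphrase, no authentication:",
          open_unauthenticated("wrong guess", blob))
    try:
        open_authenticated("wrong guess", blob)
    except ValueError as exc:
        print("wrong passphrase, with authentication:", exc)
```

Without the tag check, a wrong passphrase still returns output of the expected length, so nothing in the output itself shows whether it matches what was encrypted; with the tag check, a wrong passphrase and a modified blob are both rejected.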
January 25, 2012, 5:08 pm
David M. Nieporent says:
I’m sorry, but you think that when the government says, “Produce the documents from your drive,” and the defendant hands them something and says, “Here are the documents from my drive,” she can then raise a challenge as to whether those documents are in fact from her drive? Uh, no.
January 25, 2012, 5:38 pm
Ed Snack says:
Then read the manual, the entire volume is filled with random looking data. You can’t tell if there is a second hidden volume or not by simply looking at the disk at a bit level. It is claimed that the only way to know is to supply the hidden volume password/key, and have yet to see this disproved. Might be possible though…
If you use TrueCrypt you can reveal the not secret partition and it should be impossible to tell if that is not the only “hidden” partition. One should be able credibly deny the existence of the true hidden volume. YMMV though…
January 25, 2012, 6:29 pm Nubes says:
The main argument is regarding encryption which I find most fascinating but what about the password retention and contempt? If I can produce 20+ emails from the last 6 months from different websites proving that I often forget my passwords can you still be held in contempt? Seems like the emails (in addition to my zipper being down and dried toothpaste on my face) would show my sincerity in claiming forgetfulness.
And just to stop you smarty law folk before you start- they could try my email password (abc123) on my encrypted topless Bieber pics but it wouldn’t work since I use the password password on those to keep them really secure.
I am so good at playing dumb I even have proof of it.
January 25, 2012, 7:31 pm ShelbyC says:
Well, in a criminal prosecution she doesn’t have to raise any challenge, right? The government has to prove the documents came from her drive. And since they can’t use her act of production against her, how do they do that?
January 25, 2012, 7:36 pm forensics_yes_i_do says:
No, they can not. You can not access the data without going through the hardware layer…. period. That is the whole point of Ironkey. And if you try to tamper with it to get around the hardware front-end, the data also gets wiped. You really ought to read up on the technology before you post wrong information.
January 25, 2012, 7:56 pm forensics_yes_i_do says:
That is correct. There is no way whatsoever to detect the presence of a hidden volume inside the outer volume. There is no way to distinguish a (properly) Truecrypt encrypted disk from a disk wiped with high-entropy random data.
It is possible to prove the ABSENCE of a hidden inner volume, and that is if you wipe unused file space inside the outer volume with known pattern data. But that is cryptographically a bad idea, because that would make your outer volume weaker to certain cryptographic attacks.
January 25, 2012, 8:01 pm David Schwartz says:
It looks like in this case, the Judge ordered the Prosecution to give her the encrypted contents and her to give the Prosecution the decrypted contents. It prohibited the Prosecution from using the fact of production against her. Frankly, I’m baffled. Without admitting the fact of production, the specific thing she was granted immunity on, I don’t see how the government could even admit into evidence the decrypted contents. “Here’s some information we got somehow” doesn’t pass as a chain of custody. Only the testimony of the person who decrypted the data could possibly establish that the decrypted files did in fact correspond to the data found on her computer.
Also, if she gives them a blank hard drive back, how can they prosecute her for perjury, obstruction of justice, or the like without using the fact that she produced the blank hard drive against her? Again, the very thing they need is the very thing they promised not to use.
January 25, 2012, 8:28 pm htom says:
(Attempt to bump displayed comments from 177 to 199. Some server along the way is caching too heavily.)
January 25, 2012, 8:51 pm htom says:
(That didn’t work, now there are 173!)
January 25, 2012, 8:52 pm ShelbyC says:
The ciphertext isn’t a representation of anything without the key. This is the government’s whole problem. You would agree that a document doesn’t exist if it’s encrypted and nobody knows the key, right?
January 25, 2012, 8:54 pm Chris W says:
So… time for a programmer to make an encryption program that has two passwords: one password for what you really want encrypted and one for a red herring.
i.e. I encrypt my plans for world domination with the passphrase “no mr bond I expect you to die!”… if nabbed by the police, I say the passphrase is “fluffy bunny fetish” and all they get are videos of rabbits making babies.
January 25, 2012, 9:32 pm nonegiven says:
The IRS once prosecuted a case that depended on a (cross cut) shredded document that had been painstakingly pieced together by investigators. The judge threw the case out because of the reasonable expectation of the defendant that the document had been destroyed.
January 25, 2012, 10:17 pm Gary Britt says:
If you produce a copy of an image from a safe and say this is a true and correct copy of the image in my safe, that is evidence of the contents of your safe. I’m afraid I must be missing your point.
Gary
January 25, 2012, 10:39 pm Gary Britt says:
Nope. You are arguing that there is a substantive difference between a password and an encryption key. There just is no real world difference. Bits and mathematical formulas notwithstanding, there is no practical or substantive difference between the effects of a password protection and encryption key.
Only abortion law versus homicide law turns on such issues of form over substance like the absolute GPS coordinates of the baby at the time it is killed determines whether it’s a legal abortion or an illegal homicide.
Gary
January 25, 2012, 10:50 pm David Schwartz says:
She can’t raise such a challenge in any context other than her own criminal trial. But in her own criminal trial, since they cannot admit the fact of production against her, she most certainly can raise such a challenge.
The fact of production is the only way they can authenticate the documents, and the authenticity of the documents will be a key issue at trial. What does it mean to say “We won’t use X against you in a trial, but we will say facts we deduced from X to the jury. And we won’t explain any rationale to the jury, so there’s no way the jury can evaluate them critically. We’ll just tell the jury to assume they’re true and you cannot contest them.”
The whole point of having a fact be inadmissible at trial is that you can complain to the jury that the Prosecution couldn’t prove that fact, or use it to prove other facts. Otherwise, what purpose does it serve if the Prosecution can state the very fact that wasn’t supposed to be admissible (or conclusions drawn from it) and you cannot contest their accuracy?
What does the Prosecution say to the jury? “Here are some incriminating documents we got somehow.”
If she gives them a blank hard drive, how do they charge her with perjury, obstruction, or contempt without using the fact of production against her?
January 25, 2012, 10:56 pm OrenWithAnE says:
Of course it is. Just as much as a bzipped archive is a representation of its content even without the bzip2 binary …
If the defendant wants to respond that the document cannot be produced (and, of course, the court cannot compel the impossible) because nobody knows the key she is free to do so.
January 25, 2012, 11:04 pm ShelbyC says:
Correct. But other than my saying that this is what’s in my safe (which you can’t use), you have no evidence of what’s in my safe. But this problem is easily solved by requiring me to open the safe and looking in there for yourself. But it’s not easily solved in the case of an encrypted hard drive.
There certainly is. Essentially what the government has to prove, in the case of encrypted data, is that the data on the hard drive, when manipulated using other data not on the hard drive, reveals incriminating information. So the contents of the data that is not on the hard drive is part of what the government has to prove. In the case of a password, the government doesn’t have to prove anything involving the password, they just need the password to access the data that is already on the hard drive (well, they don’t need it, but we’ll pretend that they do).
January 25, 2012, 11:17 pm OrenWithAnE says:
Let’s take this to its logical conclusion: when VISA decrypted the contents of my credit card authorization did they create the transaction?
There’s implicit authentication in the syntactic and semantic content of the message. If someone gives me a reassembled shredded document, I can see immediately if the letters line up and the words are English and the sentences make sense. The same is true, but even more so, for computers in which the inputs are far more tightly structured.
To put it concretely, for a 1MB message and a 128 bit key, there are only 2^128 out of 2^(2^20) possible messages (one for each value of the key) or a scant 10^(-315615) fraction of all possible messages. The odds that one other than the original input comes out as syntactically valid is basically zero.
TL;DR: you absolutely know without a doubt whether the data that comes out is meaningful, even without authentication/checksumming.
January 25, 2012, 11:18 pm MIke says:
My non-lawyer take on this is that the 5th amendment protects people, not information. A search and seizure is access to things, some of which might contain information. There are no exceptions for “important” information nor for information that the police don’t understand. (The “reasonable” qualifier pertains only to how the search is done.) Testimony is what assigns meaning to what has been found or seized. In this case, only the defendant can assign meaning to the encrypted data because only she (presumably) has the key. Requiring her to produce the plain text is thus constructively testimony. The court’s ruling in this case is thus unconstitutional. Whether encrypted data should be treated this way is a separate issue which is best settled by legislatures, not courts.
January 25, 2012, 11:21 pm ShelbyC says:
You wouldn’t need the binary, but you would need the bzip2 archive structure represented somehow, right?
January 25, 2012, 11:24 pm David Schwartz says:
Just as there is no practical or substantive difference between a document locked in a safe that only I can open and a piece of information held only in my memory. I wish Fifth Amendment law turned on real world differences, but it doesn’t, and that’s the way it is.
January 25, 2012, 11:26 pm OrenWithAnE says:
Sure, but that’s got nothing to do with the content of the message. The same bzip2 transformation filters (structure + parameters + implementation) operate on all inputs and outputs — they do not have any information about what it is they are archiving or unarchiving.
January 25, 2012, 11:37 pm ShelbyC says:
No, but you need the information in order to produce the document. Keep in mind that the question is not whether or not the document can be re-created, but whether it can be recreated without the defendant’s testimony. Suppose the defendant was the only person in the world that understood how a bzip2 archive was structured. You wouldn’t argue that requiring him to say how he encoded the information was non-testimonial, would you?
January 25, 2012, 11:50 pm Ash says:
What if you shred a document containing gibberish?
–ducks and runs–
January 26, 2012, 12:27 am Barry Kearns says:
It’s not terribly difficult to construct a program which stores ciphertext via the placement and arrangement of large bodies of plain text, all of which is human readable and semantically valid English text. Look up printed steganography for examples. It’s quite inefficient with respect to the storage space required to support such a venture for anything particularly large, but hard drive space is quite cheap.
It’s also reasonably trivial to take such a base program and modify it so that it distributes the payload amongst a very large field of data, where the locations used for storing the meaningful data are a function of the encryption key itself, thus facilitating the ability to store multiple different ciphertexts within a single large field where the choice of key that you use determines the resulting output.
Assume arguendo that a defendant has such a program in their possession, and because of the nature of the algorithm that I’ve described, the entire contents of the data field is already a form of plaintext.
The police, understanding the nature of such a program, insist that its presence on the defendant’s computer, along with the absurdly large amount of not particularly interesting plaintext, is de facto evidence that the defendant has used this process to conceal information.
Can the court lawfully order the defendant to provide the means to translate selected portions of that large amount of plaintext into another set of messages entirely, regardless of what the contents of those messages are?
If the court can and does, if the defendant asserts that the reason they installed such a program was to ensure privacy for incriminating and embarrassing information, can the court lawfully compel the production of that information by compelling the defendant to supply the “encryption key” which will produce it?
If so, and the defendant does supply an “encryption key” which extracts data consistent with the defendant’s earlier assertions (but not in line with what the police suspected), can the defendant be held in contempt for not producing an additional key which would extract data that the defendant insists does not exist?
How does the defendant prove that they have provided all valid keys, and thus produced all possible hidden messages?
The same system works without computers, if someone is simply writing down a significant number of gibberish phrases in personal journals, where the meaning of particular phrases might be significant only to themselves.
If the police assert that, hidden amongst the detritus of these journals are secret messages that are vital to their case, but which can only be translated by the defendant creating for them a new document which states in plain English what the meaning of those phrases are… can the court lawfully compel the defendant to create such a translation for them?
If so, how can the defendant ever stand against the assertion that he or she has produced some secret information, but not all? How can a defendant show that they have actually produced a true and accurate representation of what was previously hidden from view… and most importantly, how could the above NOT be seen as compelling a defendant to incriminate themselves?
January 26, 2012, 12:49 am Barry Kearns says:
Much shorter example:
Arguendo I have a journal which, on the date of a particular crime, states the following:
“Dogs barking. Colonel Wilson wears neon pajamas. The moose walked sideways at midnight.”
Can the court lawfully compel me to tell them how to translate those phrases into what they suspect is incriminating information that would help them to prosecute me, and if so, how is that not compelling self-incrimination?
Is the case any different if that journal is stored digitally on my hard drive?
January 26, 2012, 1:08 am Guest12345 says:
Let’s say that I have two series of digits, A & B. A & B are each eleven elements long. You came into possession of these two lists of numbers by seizing them from two different couriers. You XOR these lists together and get a resulting list of numbers that when interpreted as ASCII spell out “kill george”. Is A the cipher text and B the key or is B the cipher text and A the key?
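The XOR question above and the earlier key-length argument in the thread, worked through as an added example (not code from any commenter): with a pad as long as the message the two lists are interchangeable and some key yields any same-length text, while a short key leaves one readable candidate. `PAD_A`, `SAMPLE_TEXT`, the 2-byte key and the SHA-256 counter-mode keystream are constructed for illustration and are not a vetted cipher.

```python
import hashlib
from itertools import product

# Constructed sample values; only the 11-character message comes from the thread.
MESSAGE = b"kill george"
PAD_A = bytes(range(0x10, 0x1B))  # 11 arbitrary bytes standing in for list A
SAMPLE_TEXT = b"Constructed sample: quarterly totals for the spreadsheet, rows 1 through 40."
REAL_KEY = b"\x5a\xc3"  # deliberately tiny 2-byte key so every key can be tried


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_for(ciphertext: bytes, wanted_plaintext: bytes) -> bytes:
    """With a pad as long as the message, this key 'decrypts' to any wanted text."""
    return xor_bytes(ciphertext, wanted_plaintext)


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def short_key_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a keystream expanded from a short key."""
    return xor_bytes(data, keystream(key, len(data)))


def looks_like_text(data: bytes) -> bool:
    """Crude 'syntactic validity' check: printable ASCII plus common whitespace."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def all_two_byte_keys():
    """Every possible 2-byte key (65,536 candidates)."""
    return (bytes(pair) for pair in product(range(256), repeat=2))


def count_plausible(ciphertext: bytes, candidate_keys) -> int:
    """How many candidate keys turn the ciphertext into readable text."""
    return sum(
        1 for k in candidate_keys if looks_like_text(short_key_crypt(k, ciphertext))
    )


def demo() -> dict:
    # Case 1: pad as long as the message. A and B play symmetric roles.
    list_b = xor_bytes(PAD_A, MESSAGE)
    alt_key = key_for(list_b, b"feed george")  # a different, equally valid "key"

    # Case 2: key far shorter than the message. Wrong keys give unreadable bytes.
    ciphertext = short_key_crypt(REAL_KEY, SAMPLE_TEXT)

    return {
        "a_xor_b": xor_bytes(PAD_A, list_b),
        "b_xor_a": xor_bytes(list_b, PAD_A),
        "alt_plaintext": xor_bytes(list_b, alt_key),
        "readable_short_key_candidates": count_plausible(
            ciphertext, all_two_byte_keys()
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```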
January 26, 2012, 1:19 am David Schwartz says:
I think you’re forgetting that they’re not asking her for the decryption key, so that they can perform the decryption. They are asking her just for the decrypted contents.
Say I encrypt a 1MB, English text file with a 128-bit AES key and a sensible encryption mode. You can tell if a given key is the right one. But if someone presents you with a 1MB, English text file, I don’t see any possible way you could prove or disprove that it was the correct decrypt of the original 1MB encrypted file.
The only way to do that would be with the key or with the testimony of the person who decrypted it.
January 26, 2012, 2:32 am David Schwartz says:
I just realized, there’s an even better response to this. The government isn’t asking her to produce the documents from her hard drive. The government is asking her to decrypt some encrypted data that the government alleges it found on her hard drive. It is also possible that the government found out her encryption key, fabricated those contents, and then went to this elaborate showing to bolster its fabrication. She is *absolutely* free to argue that the decrypted files don’t correspond to what was on her hard drive, and the government must respond without using the fact of production — an impossible task.
January 26, 2012, 3:19 am David M. Nieporent says:
If she wants evidence to be excluded? She certainly does.
A government witness testifies that the documents came from her drive.
January 26, 2012, 4:03 am David M. Nieporent says:
It’s solved in exactly the same way.
No. What the government needs to prove is that Ramona Fricosu committed bank fraud. If a document — let’s say, a spreadsheet or correspondence — on her hard drive helps prove that, good for them. If she wants to contend that the document doesn’t prove that — whether because there’s an innocent interpretation of the document, or because she’s never seen it before and has no idea how it ended up on her hard drive — she can do that. On the other hand, if she wants to contend that the document wasn’t actually on her hard drive, either her lawyer is going to find himself in trouble for such a frivolous argument or she is going to find herself in trouble because she was ordered to produce what was on her hard drive. But the whole encryption thing is a red herring, no matter how cute you think you’re being scientifically by making the argument.
January 26, 2012, 5:29 am David M. Nieporent says:
Right, which is why the fact that she produced the plain text can’t be used against her. But the text itself is not testimony.
This is doubly wrong. In addition to the mistaken conflation of the fact of production and what is produced, the constitution only protects against the use of compelled testimony against the testifier, not the compulsion of testimony. Witnesses are compelled to give testimony all the time.
January 26, 2012, 5:39 am David Schwartz says:
She doesn’t have to contend anything. If the government wants to admit the decrypted files into evidence in the criminal trial against her, the government has to establish that the files were on her hard drive. Because she has production immunity, the government has to do that without using the fact that she decrypted them and provided them to the government. So what does that argument look like:
1) We seized a hard drive from her computer.
2) It had encrypted contents.
3) We have this incriminating file.
4) ?
January 26, 2012, 11:04 am richard40 says:
Let me ask a question. If the cops have a search warrant to search your home for incriminating financial documents, and you have a safe, are you required to give them the combination, or can you refuse, at the cost of them having to break into your safe? That seems like a completely equivalent case to me. In each case there is info the feds want, and they either need your help to get it, or without your help, would have to break in. In the case of the computer, if you refuse to give them the password, they can still break the encryption. It might be harder than breaking into a safe, but it is still possible. Actually, if you have some really huge safe, like a bank vault, then breaking the encryption, vs breaking into the safe, might even be equally difficult.
If the safe analogy holds, the next question is if the gov damages the safe when they break into it, are they liable for damage, if they find nothing incriminating. Part of this question could hinge on whether you were willing to tell the gov under oath that there was nothing relevant to the case that was in the safe, but you didn’t want to give up the combination for privacy reasons, or because there might be evidence that could incriminate you on an unrelated charge. If the gov then broke in, could they use the info they might find on the unrelated charge?
January 26, 2012, 11:19 am bostonian says:
Unencumbered by any degree in law, I am free to wonder why the underlying principles–if not the letter–of the 4th Amendment are not implicated here. That is, why is any search of my mind, by whatever protocols proposed (such as “enter the password–we won’t watch”), an inherently unreasonable search?
January 26, 2012, 12:08 pm EAK says:
We are at over 200 comments, and yet we are still trying to apply some sort of “safe” metaphor to encrypted data. This is why our legal system fails when it comes to technology, our lay lawyers, and judges who refuse to try to understand what a technology is, applies some ridiculous metaphor and runs with it.
The prosecution would have access to every bit of data on the defendant’s computer, there is no 1 or 0 hidden somewhere behind some locked door that the prosecution cannot get to. The burden to make sense of the data should be up to the prosecution.
Forcing the defendant to produce unencrypted versions of the file should be a 5th amendment violation, because you are requiring the defendant to use her knowledge to manipulate the evidence into something the prosecution wants.
January 26, 2012, 12:27 pm bostonian says:
Sorry, meant to ask “why is it NOT an inherently unreasonable search?”
January 26, 2012, 12:30 pm eddie says:
The argument about whether decryption is revealing or creating a document doesn’t seem to be going anywhere. I think both sides understand each other’s position, but I haven’t seen anything particularly enlightening or persuasive on the point in pretty much the entire thread.
The issue that David Schwartz and David Nieporent are discussing of whether the plaintext can be admitted without using the fact of its production is much more interesting.
My question: can evidence be admitted if its provenance cannot be established? Can the prosecution say “Here is a video of the defendant stabbing the victim with a knife and watching him bleed to death, but I can’t tell you where it came from or how we got it”? Can they say “Here’s a knife with the victim’s blood and the defendant’s fingerprints that we found somewhere – nowhere in particular, mind you, just somewhere”?
If not, how is that different from the present case, where the prosecution will (presumably) introduce incriminating documents – like emails discussing the fraudulent scheme, or forged property records, or spreadsheets showing how the stolen money will be distributed – but where the prosecution is prohibited from introducing the fact that the documents were produced by the defendant? … or is that not the case, and if not, why not?
January 26, 2012, 12:34 pm ShelbyC says:
No, that’s exactly the government’s problem. The contents of the hard drive, unlike the contents of the safe, have no meaning unless the defendant says, “I encrypted the contents using key xyz123” or “This is a copy of what my hard drive looked like before I encrypted it.”
As David Schwartz said, the fact that a document exists doesn’t prove anything. I could come up with a document that says that you committed bank fraud, but unless I can show where I got it, the document is useless. And the government is precluded from using her act of production to show that the documents came from her hard drive.
January 26, 2012, 12:35 pm ShelbyC says:
It’s really the same issue. The inability of the plaintext document to show anything at trial is a symptom of the underlying problem, that the government is relying on the communicative conduct of the defendant.
January 26, 2012, 12:56 pm OrenWithAnE says:
Submitting evidence is never testimonial under the 5A.
You can continue to elide or ignore the evidence/testimony distinction, but it’s just not very convincing. The act of turning over a document to which you have access (alternatively: going in court and pleading that you have no access to) is not testimonial — it does not tell the court anything.
Absolutely correct, but no different in the case of encryption. When the DoJ told Microsoft to turn over emails, how can they tell that those are the original emails and not some doctored or edited versions? When a landlord submits a lease to a court in a motion to allow eviction, how do you prove or disprove that it was the lease that the tenant signed? Heck, when you ask a witness a question, how can you prove that they are telling the truth?
This is a general problem that you are making far more specific than it needs to be — and it has a general solution that we have cross-examination, rebutting witnesses/evidence and stiff penalties for perjury and contempt.
Does your copy of the 5A use the words “knowledge” or “evidence”? Because mine refers only to the word “witness”, which is a lot more restrictive. Maybe there was a transcription error in my copy ….
January 26, 2012, 1:08 pm ShelbyC says:
No, but the act of altering the evidence to make it understandable to the court using knowledge that is not documented anywhere except in my head certainly tells the court something, it tells the court what the evidence means.
In all of these cases, you are relying on the communicative conduct of the individuals involved, right?
January 26, 2012, 1:53 pm ShelbyC says:
Let me ask a question: suppose the unencrypted contents of the hard drive turned over by Ms. Fricosu reveal documents that show that a crime was committed by a third party. Is there any way that these documents can be admitted against the third party without Ms. Fricosu’s testimony?
January 26, 2012, 2:06 pm Barry Kearns says:
The Electronic Frontier Foundation (eff.org) filed an amicus brief in this case, back in July of 2011.
It offers (what appears to me to be) a fairly compelling case as to the distinctions that I’ve been trying to point out in my examples.
Searching for Fricosu on their site will easily lead to a link to that brief. Good reading, IMO.
January 26, 2012, 2:44 pm David M. Nieporent says:
This is an overstatement, Oren. It can be testimonial, and can tell the court something. What’s at issue (to oversimplify slightly) is whether the government knows about the document or not. If the government says, “Turn over all the documents in that safe over there,” that is not testimonial. If the government says, “Turn over all the documents that show X,” that’s partially testimonial.
In this particular case, her turning over the documents is testimonial in that it’s a ‘statement’ that it’s her drive and she can access it. And that’s what can’t be used against her — her ‘statement’ to that effect. The prosecution can’t tell the jury, “This document was encrypted on her hard drive and she decrypted it for us.” But that’s a far cry from ShelbyC’s position.
January 26, 2012, 4:12 pm David Schwartz says:
But the only way the government witness can reach this conclusion is because that witness knows that she produced the documents, knowledge that cannot be used against her in her criminal trial, directly or indirectly. You seem to be arguing that a person can be compelled to say X by a grant of use immunity and then a government witness can deduce Y from X and then testify to Y. But use immunity extends to derivative uses.
January 26, 2012, 4:19 pm ShelbyC says:
Correct. My position is that currently, the government’s evidence consists of a hard drive with a bunch of numbers on it. And the defendant is, in effect, being compelled to reveal to the government, from her mind, what other numbers they have to multiply the numbers that they already have by in order to get different numbers that can be decoded into incriminating documents. This is, by any definition, new information that the government is seeking to use against the defendant.
January 26, 2012, 4:28 pm htom says:
WRONG.
There is a huge difference. A password returns one message, and no message if it’s the wrong password. A decryption key will return one message, which may or may not be the encrypted plaintext. (It may be a nonsense message, or one that needs further decryption to arrive at the original plaintext.)
Very different.
January 26, 2012, 5:49 pm ShelbyC says:
Even if it’s not excluded, she can simply say, so what, you have a document that says “I committed bank fraud”. So what? Without proving that the document is linked to me it doesn’t show anything. Of course, I’m sure she can argue that the document can be excluded because the government can’t prove its provenience without using her act of production.
What David S. said.
January 26, 2012, 5:52 pm Jon Shields says:
Oren and David, isn’t there a line-drawing problem with your position? Let’s assume for the sake of argument that there is a legal difference between forcing the defendant to say what key they use to give meaning to the data, and asking a defendant to say what the words “mark” or “target” are in a letter.
Wherever the ultimate line is between those two cases, won’t defendants in the future just change encryption schemes to look more like the “mark”/“target” case? Why wouldn’t a defendant use a scheme that could produce lots of completely valid interpretations of the same transformed data, depending on how it is interpreted? This might be inefficient (and take up more space), but I don’t see what is stopping them from doing so.
If your argument is correct, how would you draw a line (between typical encryption and explaining the meaning of words or patterns) that can’t be evaded?
January 26, 2012, 7:32 pm David Schwartz says:
They have a chain of custody — they got the emails from Microsoft. But if the DoJ found a file in a trash bin in Omaha, Nebraska that looked like it might be some Microsoft emails, surely it wouldn’t be admissible without some kind of corroboration.
Either the landlord or the tenant testifies to that effect. Or an expert witness testifies to the accuracy of the signatures. Or something. Surely there has to be *something*.
Surely I can’t just find a lease in a garbage can and claim it’s the lease between Jack Smith and Jane Doe. Can I?
The extent to which the witness is credible is something the jury has to determine. But the witness has to testify to facts that they know and can’t use or rely on facts obtained through a grant of immunity.
The specific problem in this case is that other than the act of production, for which she has immunity, there is no way at all to establish that the documents were found on her hard drive. There is no witness in existence who can testify to that fact without relying on the specific fact for which she has use immunity.
There are many ways people can put evidence beyond the reach of the government. If all evidence was always supposed to be accessible, we’d allow torture and not have any Fifth Amendment.
January 26, 2012, 8:23 pm Jon Shields says:
Sorry, I meant David M. Nieporent (and those who argue that an encryption key is not protected).
January 26, 2012, 8:48 pm David M. Nieporent says:
Nobody has argued that the encryption key was not protected. She was not required to disclose the encryption key. She was merely required to produce an unencrypted copy of the drive.
January 26, 2012, 9:14 pm OrenWithAnE says:
The court did not ask the defendant to “alter” the document, quite the contrary, it requires an unaltered true copy. That document speaks for itself.
No, emails turned over are evidence, not testimony.
I know at least 5 of my CS/information-theory profs that would object strenuously to this definition. Encryption is a bijective transformation that, as we know, preserves information perfectly.
I think the line is drawn at the point where the transformation applied is a deterministic one. If they had a computer program that replaced “mark” with “victim” and “target” with “murder”, they could be compelled to run it and provide the original.
But Microsoft may have fabricated some. Or omitted some. Or edited some.
January 26, 2012, 10:00 pm ShelbyC says:
Ciphertext + cipher + key preserves information. Ciphertext by itself preserves nothing (that’s the whole point). And the key doesn’t exist anywhere but in her head. This is why the only way the government can recover the information is to have her assert what the key is, which is communicative, or have her assert what the document said before she encrypted it, which is also communicative.
Btw, how can she assert that she is giving them a true decrypted copy of her hard drive? All she can do is assert that she decrypted the data the cops gave her with her key, right?
In any event, suppose she didn’t use commercial encryption. Suppose they heard her telling her husband, “Yeah, there’s an incriminating file on the drive. But I tweaked it with a hex editor such that they’ll never recognize it. I know how to change it back, though.” Would it not violate the 5th amendment for the judge to order her to produce an un-tweaked copy of the file? If so, why is this different?
January 26, 2012, 11:52 pm ShelbyC says:
An unencrypted “copy” of the drive is not really a copy. It is the data on the drive, combined with information in her head, that produces a new set of more useful information. It’s the same as if the cops find a piece of paper that says, “the evidence is located in locker number [The year of my second boyfriend's birth * the year of my best friend's birth / 7 + 83].” Now she could easily produce an unencrypted copy of this message, but requiring her to do so would be testimonial.
January 27, 2012, 12:03 am ShelbyC says:
Even in this case you can say, well, I found it in garbage can X, let the factfinder draw whatever inferences from this fact. With a document created by the accused with “act of production” immunity, all you can say is that the document exists.
January 27, 2012, 12:07 am lionsdentist says:
A smallish point regarding David Schwartz’s point about the prosecutorial usefulness of the Document, assuming that chain of evidence could not be presented. IANAL, but it seems to me there could be situations where obtaining the Document could still be useful:
1) If the Defendant were to take the stand, she could be presented with the document or even–without mentioning the existence of the document–information from the document (“Are you familiar with this document?” — would she be immune from perjury if she said “No”? Or, “Here it says a meeting with X took place. Do you know X? What did you do at that meeting?”)
2) Information in the Document might allow them to discover other evidence. E.g. if Document stated that certain contraband had been hidden in a certain location, LEOs could go search that location, find contraband, and independent evidence from contraband (fingerprints, DNA, etc) could finger Defendant, without reliance on the Document itself to implicate Defendant. This other evidence could be admissible, no?
3) Document could be self-proving of its provenance. Maybe it has details about Defendant (comings and goings, passwords, recountings of conversations, mannerisms, or just brute volume of personal detail) such that, along with a wink (acknowledging that “We, the Prosecutor, can’t tell you how we got this Document, but you all can figure it out, can’t you?”), the connection of Defendant to Document is proven beyond a reasonable doubt.
Thus the Document as a stand-alone piece of evidence might be unusable, but there might be these (and other) fruitful uses for the Prosecution.
Am I missing something? Would these all be foreclosed as fruit of the poisonous tree?
January 27, 2012, 2:20 am David Schwartz says:
If a document states that certain contraband has been hidden in a certain location, that doesn’t yield probable cause to search that location absent some reason to believe the document is valid. Otherwise, “I have 10 bodies in my backyard.” (There, I just said it.) would justify a search warrant.
Either the government uses her act of production to get the warrant, in which case any evidence found is derived from a fact on which she has immunity, or the government has no probable cause. If there’s a way around this, I don’t see it.
The government can’t compel facts in exchange for immunity and then use those facts to get warrants for evidence they can then admit. (If they could, they’d be doing this all the time.)
That only proves that the author of the document had access to a similar legitimate document. I can trivially make a list of true facts and insert a false one in there. To make the argument that because most of the claims are true, the claims about things unknown to us are true requires specific information about the source of the document.
For example, say you have a list of places I ate dinner each day. You can verify many of them. One of them claims I ate dinner 100 miles away from the place someone claims I committed a crime. Can you argue the document is self-authenticating and thus exonerates me of the crime? Well, yes, if a private detective following me made the list. But no if I made the list — I could easily have made it accurate about everything but the times I committed crimes.
I don’t see how you can do anything with it without a chain of custody.
January 27, 2012, 3:10 am Jon Shields says:
I don’t think that is accurate. A brute force (though impractical) would show otherwise. Sure, it is possible that the real key produces gibberish, and it is only a coincidence that another key produces a set of well-formed files. But I don’t think that level of doubt is sufficient to make the existence of the unencrypted files a foregone conclusion. The probability of this can be measured, and it is not meaningfully distinct from zero. The fact that a process exists that will provably reveal the unencrypted contents (without the key) seems to indicate to me that the unencrypted contents “exist” even without the key.
I’m not sure how much this gets the prosecution, however. People are asserting above that an encryption program can create a secret inner hidden volume inside an outer encrypted volume, with the hidden volume being random noise indistinguishable from free space in the outer encrypted volume. Apparently, TrueCrypt specifically makes all outer-volume free space random noise (even for everyone without an inner volume). If this is true, there is literally no way to distinguish an outer and inner volume from an outer-only volume with more free space.
If that is true, the prosecution would seem to be out of luck. Even if they could compel the production of the key to the outer volume, they cannot prove the existence of an inner volume at all. It would not be a “foregone conclusion” that an inner volume exists — in fact, it probably does not exist! Nearly everyone who encrypts a hard drive leaves free space on the hard drive, and no one without the correct key can tell the difference between encrypted free space and the encrypted inner volume. There would be no evidence that an inner volume existed (let alone enough to meet the preponderance standard necessary to claim the existence is a “foregone conclusion”).
This is why I think this is a game of cat-and-mouse that the prosecution will ultimately lose in the future. The solution above (and other solutions) change the question from “give me the unencrypted document that I can show exists” to “how do you typically interpret this set of random bits, that I cannot prove is encrypted at all?”
January 27, 2012, 5:53 am Jon Shields says:
This would also seem to (in practice) protect the defendant even in a hypothetical world where there was no 5th amendment. If the doctrine changes to say that one can be compelled to produce the unencrypted version of something that the prosecution can’t even prove exists in an encrypted form, the defendant would just say that the random noise is free space (as it would be for most people who use Truecrypt).
The prosecution could attempt to charge the defendant with perjury. But if the best cryptography researchers in the world can’t figure out how to distinguish an encrypted inner-volume from the random-noise free space in an outer volume, I doubt the prosecution is going to have much luck.
January 27, 2012, 6:03 am David Schwartz says:
If this is true, then everything we thought we knew about the Fifth Amendment is wrong. Say I know some bank account number the government wants. One could check every account at every bank and ultimately find the one the government seeks, so this “exists”, it’s just “encrypted”.
If the test is “there’s no Fifth Amendment privilege if there’s some possible lawful way the government could get the information”, then there’s basically no Fifth Amendment privilege. After all, the government could get pretty much any information by offering everyone a billion dollars and total immunity, so that information “exists” already.
January 27, 2012, 6:06 am Nik Bougalis says:
Your brute-force argument proves David’s point I think. Without the key, there are no unencrypted documents. Only encrypted blobs. How you go about obtaining the key – whether I remember it and you brute-force it – is irrelevant. The bottom line is: no key, no unencrypted documents.
January 27, 2012, 6:10 am David M. Nieporent says:
I think by “we” you mean “you.” The Fifth does not protect ‘information.’ (That’s why forcing people to provide blood, fingerprints, handwriting samples, etc. does not violate the Fifth.)
But how does the fact that encrypting information doesn’t cause it to cease to exist cause you to rethink anything about the Fifth Amendment?
I don’t think encrypted means what ShelbyC thinks it means, and I definitely don’t think it means what you think it means.
The test for what? That’s not anybody’s test for anything.
Indeed it does exist. But what does that have to do with the Fifth Amendment?
January 27, 2012, 7:02 am Jon Shields says:
All I was making was the following proposition: the unencrypted version of the file system can be proven to exist (at least according to the standard of proving a “foregone conclusion”) without any input from the defendant. The prosecution can’t practically decipher the content of the documents without the defendant’s input, but it can prove that the unencrypted documents exist without any input from the defendant at all.
What’s the proof?
1. The computer says on boot: “Truecrypt: Please enter your passphrase.”
2. Truecrypt uses an encryption process that makes it essentially impossible to accidentally create a valid file system (with any key) that is not the exact file system that the user specifically encrypted. The probability of this being false is likely similar to the probability of producing the entire collective works of Shakespeare with a random number generator.
3. A brute force algorithm will always provably recover the file system encrypted by the user.
There are theoretical counters to this proof (what if the user specifically made it look like they were using Truecrypt, but actually just stuck a bunch of random bits on the drive). But these would not come close to defeating the prosecution, since (apparently) all they need to prove is that exactly one unencrypted document exists, by a preponderance of the evidence.
One could argue that the unencrypted document does not physically exist on planet Earth until it is decrypted, even if it could be transformed into something that does exist. But that argument would seem to apply to any zipped archive. The fact that decrypting a document takes longer than uncompressing a zip file seems to be irrelevant to the question of whether the document exists. Since the document can be produced without knowledge of the key, the fact that the key makes the process go faster doesn’t appear very relevant (any more than a faster zip file uncompressor).
———————–
However, this argument is probably futile outside of this case. If defendants start using encryption that is mathematically indistinguishable from free space on a Truecrypt volume (since Truecrypt makes both indistinguishable from random noise), the prosecution cannot even determine whether or not an inner encrypted volume exists inside the outer one. They certainly can’t prove such a volume exists.
That appears to be a pretty robust method to avoid compelled production of encrypted documents. The Truecrypt system was designed to prevent discovery of the existence of an encrypted volume by technologically-sophisticated criminals — ones who might even try to beat the correct password out of the rightful computer’s owner if they thought such a volume existed. The entire point of the system is to make it possible to deny the existence of the inner file system, with no fear that anyone will figure it out. It wasn’t designed for the purposes of keeping law enforcement in the dark, but that appears to be exactly what the system does.
January 27, 2012, 7:20 am David M. Nieporent says:
I think that’s exactly right.
Yes, but only to the extent the government already knew about the program, I think. Otherwise, it would violate the Fifth.
January 27, 2012, 7:36 am Sardonic_sob says:
For technical purposes, that is a huge difference.
For legal purposes, there is no difference.
There is not an appeals court in the land which would sustain an objection to contempt charges or other sanctions on the grounds that one party asked for a “password” it needed to access something and the other party denied the existence of a “password” when the second party knew that what the first party really wanted and was lawfully entitled to obtain was an encryption/decryption key, and the second party had possession of said key. Even a technologically sophisticated judge is not going to buy that. “He needs to access the file, I agreed that he’s lawfully entitled to access the file, and so do you. You know what he needs to access the file. You are playing games to avoid allowing him to do what we all agree he is entitled to do. Sanctions are in order.”
If the second party didn’t agree that the first party was lawfully entitled to access the file, they might very well have a sustainable objection on those grounds, but that’s an entirely separate question, which is why in my hypothetical there is no disagreement that the first party is entitled to do so.
January 27, 2012, 9:50 am ShelbyC says:
How would we feel if the government knew about the program, but they needed defendant to provide the words “victim” and “murder”, which they don’t know? Because that is analogous to what is going on here.
The government has access to every shred of information that the defendant has access to. They just don’t have metaphorical access to the unencrypted files, because they don’t exist, and won’t unless the defendant provides additional information from her brain that causes them to exist.
January 27, 2012, 10:42 am ShelbyC says:
I’ll take another crack at this one:
If I tar or base64 encode a document, and the judge orders me to produce an ascii version of the document, it’s perfectly legit for me to say, “your honor, an ascii version doesn’t exist”. If the judge then says, well, be a pal and convert it for me, he’s probably not violating the 5th amendment because, as you suggest, the transformation doesn’t add any new information to the government’s body of knowledge. However, it is laughable to suggest that transforming an encrypted document into an unencrypted document doesn’t add any information to the government’s body of knowledge, that’s exactly what they want. And the new information is derived from the key, stored in the defendant’s brain.
January 27, 2012, 11:15 am Jon Shields says:
I don’t think that is completely analogous. Given sufficient time, the government could provably get the user’s encrypted file system. Likewise, given enough time, the government can provably extract an unencrypted zip file. The fact that one takes longer than the other does not matter; either both exist, or both do not.
You are arguing something does not exist, when one can write a mathematical proof that upon the completion of a well-defined process (with no information from the defendant), the thing that “does not exist” will be visible and fully available in plain text. That makes no sense at all. The encryption key merely makes the process faster; the file system most certainly would exist (and could provably be determined with brute force) even if everyone forgot the key.
When one key produces the file system, and every other key produces garbage (with probability indistinguishable from 1), getting the user’s file system is possible with probability about 1. That would seem to indicate that it exists.
In the “victim” and “murder” case, the missing words could mean anything. You cannot prove one objective answer exists (without the defendant), because you cannot prove the existence of a process that will certifiably give you the words the defendant was thinking (without the defendant’s cooperation).
January 27, 2012, 11:26 am Jon Shields says:
A key to a wall safe might be exactly what they want as well. The result of getting that key would most certainly add to the government’s body of knowledge. Yet no one here argues that they are not entitled to the information in the safe.
Likewise, when the government says “produce page X of Y,” it doesn’t matter that the page might be on an encrypted drive. The defendant is obligated to turn over the page. The only difference here is that instead of “page X of Y,” it is “the unencrypted version of Z.” It is completely well defined, it provably exists (see above), and it is within the power of the defendant to get.
Your distinction with a zip file doesn’t seem to matter legally; the relevant factors would be whether the thing being asked for exists, is specific and well-defined, and whether the defendant can turn it over.
January 27, 2012, 11:40 am Jarbidge says:
I fear you are forgetting one-time-pad encryption (which can’t be brute forced on any time scale; every possible plaintext is equally likely).
(BTW, anyone interested in deniable encryption might want to check out section 10.8 ‘Hiding Ciphertext in Ciphertext’ in Schneier’s ‘Applied Cryptography’ (my ed. happens to be the 1996 one, there may be more current versions.))
January 27, 2012, 12:02 pm ShelbyC says:
I think part of the problem is that people are confusing information with evidence. The only physical evidence that exists is the hard drive, and the cops have complete access to that. And given enough time, they may be able to determine the significance of the data on the hard drive, just like they may be able to determine where the body is buried given enough time, that doesn’t mean that they can compel the defendant to tell them.
If the cops were able to determine the key without the defendant, they could print out the documents on the hard drive and hand them to the jury. And the government’s expert could say, “These documents were found on the defendant’s hard drive”. And the defense lawyer could say, “what? Why do you say these documents were on the defendant’s hard drive? Our expert looked at the hard drive and all he saw was random crap.” The expert can say, “well, yes, but when we ran that random crap through a decryption algorithm with the key xyz123, these documents came out.” And the jury would determine from that evidence whether or not the documents are on the hard drive. But the “xyz123” component is a crucial piece of evidence, provided through testimony. And here, the government wants the defendant to provide it through her testimony.
In the case of a safe, the document inside is itself evidence. But an unencrypted copy of a hard drive isn’t evidence of anything, it’s the hard drive itself that is evidence.
January 27, 2012, 12:33 pm ShelbyC says:
Maybe that’s the problem. Maybe you can explain what you think it means?
January 27, 2012, 12:42 pm htom says:
Just for future giggles, I’ve just made a new 4 gig flashdrive into an initialized TrueCrypt volume. There are no files in it, no data.
Any information anyone decrypts from it, from now to the heat-death of the universe, is something they’ve randomly created from the pseudo-random noise, it was not put there as such by my actions to be decrypted.
—
Say I’m a bad guy, need to find someone to blame for my misdeeds. I install a keyboard sniffer on Patsy’s computer, get her TrueCrypt password. While she’s not looking, I install incriminating documents into her drive. Time passes. Pursuit getting close, I hint to the cops Patsy’s guilty. They grab her computer, she provides a decrypted copy. Proving she’s guilty, in the blindfolded eyes of the court.
People have entirely too much faith in computers. No one knows what’s in an encrypted drive. They may think and hope they do, but that’s all.
January 27, 2012, 12:50 pm ShelbyC says:
OK, let me try to explain the legal relevance of the distinction between a password and an encryption key better. The government is perfectly entitled to examine your hard drive. And there’s no 5th amendment protection against them using your computer to do it. So if you enter your password, your computer checks it, and if it’s correct, it provides the data that is already on the hard drive. So the information contained in the password doesn’t help the government prove anything.
But when you encrypt a message (assuming symmetric encryption for simplicity’s sake) the computer does math against the contents of the message and stores data complex enough that the original message can’t be recovered. And when you provide the key that you used to encrypt the message, the information contained in the key is a crucial piece of evidence that the government needs to convict you.
January 27, 2012, 1:39 pm David M. Nieporent says:
Taking another crack at it, but saying exactly the same silly thing.
The suggestion that “adding information to the government’s body of knowledge” is what the fifth amendment is concerned with is wrong on so many levels. Again: there is no fifth amendment protection in the contents of the documents. And the key, no matter how many times you try to spin it, is not part of those contents, and is not part of the information being disclosed. It’s the documents themselves that are being disclosed.
January 27, 2012, 1:41 pm Barry Kearns says:
You are making an assumption that is demonstrably not true in all cases. I outlined at least one of them earlier in the thread.
As you perform your deterministic process (which would take longer than the current lifetime of the universe in some instances), multiple different keys will each produce different fully-usable results. Which of these results are true, and which are artifacts?
If the defendant asserts that they only used two keys within that system, and both of those keys produce human-friendly outputs, but an additional (and much more difficult) key produces an output which is both human-friendly and deeply incriminating, how do you distinguish whether that is a true result or an artifact?
What if there were several million other keys which demonstrably created human-friendly outputs? Does the incriminating evidence “exist” if the defendant never actually used a key which produces an incriminating result?
January 27, 2012, 1:43 pm ShelbyC says:
Correct. Nor is there any 5th amendment protection in the contents of her hard drive. If the government were trying to compel her to disclose her hard drive, or the contents of her hard drive, Fischer would be exactly on point. But Fischer’s relevance ended when the government seized her hard drive. The key, which exists only in her mind, is protected. And compelling her to tell the government the result of some mathematical operation involving the contents of her hard drive and the key in her head violates the 5th amendment for the same reason compelling her to disclose the key does. As I said, it’s the same as if she had a note that said, “the evidence is located in locker number [the number in my head + 6]” And the government said, look we’re not asking you to tell us what the number in your head is, just tell us what the number in your head plus 6 is.
January 27, 2012, 2:29 pm David Schwartz says:
So what’s your response to the wiretap hypothetical? The government executes a lawful wiretap, but it contains evasive encrypted responses. It uses words like “stuff” and “things”.
Surely there’s no fifth amendment privilege in the contents of the wiretap. So can the government compel the Defendant to “decrypt” them by providing it with a transcript free from such encryption and then admit that transcript into evidence against that Defendant?
January 27, 2012, 2:40 pm ShelbyC says:
Tell it to SCOTUS. From Fischer:
Here, however, by using the key in her head to provide a decrypted version of her hard drive, instead of an encrypted one, she adds a lot to the sum total of the Government’s information. There is nothing to surrender except her knowledge, the government already has her hard drive.
January 27, 2012, 3:31 pm lionsdentist says:
@David Schwartz
Thank you for your response to my questions, above.
January 27, 2012, 5:00 pm Jon Shields says:
Here’s why I think that’s wrong (at least assuming Fischer is correctly decided). Even in Fischer, the contents of the document were unknown to the government. By providing such contents, the defendant was clearly adding significant new information that the government did not have before. In fact, such information might have been decisive in the conviction.
Yet the SCOTUS specifically said that this didn’t matter:
Brennan’s concurrence takes your position (and does not like the majority for that reason), but that concurrence is not the law.
To make this clearer, what if the government demanded a specific form X that it knew the defendant had. They are not asking for a hard drive in this case — they are asking for a specific document (without specifying whether it is on a hard drive or a floppy disk or the Internet or whatever).
Could the defendant say that he cannot provide the plaintext document in question, because it is part of a larger encrypted filesystem?
If that is your argument, you basically just gutted Fischer. You have created a “computer” exception to Fischer. Anything on a computer is encoded in some way; one has to go through a process of understanding the file system and reading the file format before they transform the random 1s and 0s to a plaintext document.
Is that your argument? That the defendant can only be forced to provide actual matter, and cannot be forced to transform the contents in any way whatsoever? If you don’t agree with that, then there is little legal distinction between speeding up the transformation with a key, and speeding it up with a zip uncompressor.
January 27, 2012, 6:11 pm Jon Shields says:
No, the government cannot compel that, because there is no answer to what those words mean objectively. Such an answer does not exist. The only answer would be to the question of how the defendant interprets those words, and that would clearly be testimony.
By contrast, there is an absolute objective answer to “what is the plaintext of this Truecrypt-encrypted file.” In fact, that objective answer can be provably determined, with probability essentially 100%, without any assistance from the defendant whatsoever. One can write a program to get exactly what the user encrypted, and prove mathematically that the program will return the user’s plaintext.
It really stretches the English language to claim that the plaintext does not exist without the key, when one can provably obtain the plaintext without the key. The key is just like a faster zip uncompressor — it allows the process to take less time.
This is distinct from a different type of encryption, called a one-time pad. In that case, the ciphertext means nothing without the key, because every possible plaintext is achievable through a different key. There is no defined plaintext without knowing the defendant’s key, because key A might convert to “thank you for stealing money for me,” and key B might convert to “how’s the weather?” Any key will produce any message, given a single ciphertext. No process could determine the real “plaintext” without the defendant’s knowledge, any more than a process could determine what the defendant means by “victim.”
This is ultimately impractical for encryption, because the key must be as long as the document being encrypted. But with such an encryption scheme, the ciphertext by itself provides no information without the key. The prosecutor can’t say “produce the plaintext,” because “the plaintext” is not well defined. They can only say “produce the plaintext you tend to look at every day with the key you use,” and that would clearly be a testimonial communication.
With a normal encryption scheme (short keys and long contents), this is not the case — there is precisely one key that is the real key, and the contents can be determined even without the defendant’s knowledge of the key. “Produce the plaintext” in that case would be completely well-defined, just like “Produce form X.”
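Added example, not part of any commenter's post: a Python sketch of the two claims argued above, that a one-time-pad ciphertext decrypts to any same-length message under some pad, and that a short-key cipher leaves many plausible keys for a very short ciphertext but only one for a longer one. The 16-bit toy cipher (SHA-256 in counter mode), the key value, and the printable-ASCII test standing in for "well-formed" are assumptions made for illustration; this is not TrueCrypt's algorithm.

```python
import hashlib
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


# The two messages from the comment above; the decoy is space-padded so both
# have the same length, which a one-time pad requires.
REAL = b"thank you for stealing money for me"
DECOY = b"how's the weather?".ljust(len(REAL))

# ---- One-time pad: the key is as long as the message --------------------
OTP_PAD = secrets.token_bytes(len(REAL))   # constructed sample pad
OTP_CT = xor(REAL, OTP_PAD)                # what an examiner would hold


def otp_key_for(ciphertext: bytes, wanted_plaintext: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `wanted_plaintext`.

    Such a pad exists for every same-length message, so the ciphertext alone
    says nothing about which message was actually encrypted.
    """
    if len(ciphertext) != len(wanted_plaintext):
        raise ValueError("ciphertext and plaintext must have equal length")
    return xor(ciphertext, wanted_plaintext)


# ---- Short-key cipher: toy stream cipher with a 16-bit key (assumption) --
KEY = b"\x5a\xc3"                          # constructed sample key


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, truncated to n bytes (toy construction)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return xor(data, keystream(key, len(data)))


def looks_like_text(data: bytes) -> bool:
    """Stand-in for 'well-formed': every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)


def plausible_keys(ciphertext: bytes) -> list:
    """Try all 65,536 keys; keep those whose output looks like text."""
    hits = []
    for k in range(2 ** 16):
        key = k.to_bytes(2, "big")
        if looks_like_text(toy_encrypt(key, ciphertext)):
            hits.append(key)
    return hits


if __name__ == "__main__":
    # One-time pad: a second pad turns the same ciphertext into the decoy.
    decoy_pad = otp_key_for(OTP_CT, DECOY)
    print("real pad  ->", xor(OTP_CT, OTP_PAD))
    print("decoy pad ->", xor(OTP_CT, decoy_pad))

    # Short key, 35-byte ciphertext: the search space is far smaller than
    # the message space, so only the true key survives the text filter.
    long_hits = plausible_keys(toy_encrypt(KEY, REAL))
    print("35-byte ciphertext, plausible keys:", len(long_hits))

    # Short key, 2-byte ciphertext: thousands of keys give printable output,
    # so the search cannot single out what was encrypted.
    short_hits = plausible_keys(toy_encrypt(KEY, REAL[:2]))
    print(" 2-byte ciphertext, plausible keys:", len(short_hits))
```

Whether a key search pins down a single plaintext depends on how much ciphertext there is relative to the key length, and on having a reliable test for "well-formed" output.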
January 27, 2012, 6:31 pm ShelbyC says:
Correct. The document was physical evidence that the government was entitled to examine. By providing the document, they were also providing the contents of the document. This is the same as the defendant providing her hard drive, which was unnecessary because the government seized it. However, Fischer was not asked to provide any additional information from his mind about how to interpret the physical evidence. Fricosu is being asked to do exactly that.
I’d imagine he would say something along the lines of, “I don’t have a plaintext version of that document in any form, and although I could generate one using a combination of information stored on a hard disk and information from my memory, I believe being compelled to do so would violate my 5th amendment right not to incriminate myself.” And I believe he would be right. Because the government is entitled to examine physical evidence, like any hard drives that the defendant has in his possession. But they are not entitled to examine the contents of the defendant’s mind.
January 27, 2012, 6:52 pm ShelbyC says:
The government cannot obtain the plaintext without the key, as has been pointed out.
January 27, 2012, 6:55 pm David Schwartz says:
Since they are asking only for the decrypted contents and not the key, they are specifically giving up this provability. In any event, I don’t see why there is an objective/subjective distinction. Self-validating observations are just as testimonial as non-self-validating ones.
Now you’re back to no Fifth Amendment privilege in information the government could get some other way. That the government could get the information another way has no Constitutional bearing on the method the government seeks to use, particularly where that way is one the government would never actually employ.
January 27, 2012, 11:21 pm David M. Nieporent says:
You’re misunderstanding this, because you persist in ignoring that the law doesn’t make this distinction between a password and key, and therefore you keep confusing the contents of the documents with the fact of the documents. Fischer was talking about the latter. You can’t be forced (sans immunity) to admit you know about the documents; the contents of the documents are unprotected.
She adds nothing to the government’s knowledge by handing over her documents (by providing a decrypted drive) for the same reason that the taxpayer in Fischer added nothing to the government’s knowledge by handing over his documents.
January 28, 2012, 7:03 pm David Schwartz says:
Right. The only thing the government is missing is what the documents *mean*. The government already has the documents. And we all already know that she knows what the documents mean.
The problem is, this applies equally well to the wiretap “stuff” and “things” hypothetical. The government already has the wiretap and knows that the people recorded in the wiretap know what it means. So why can’t the government compel those in the wiretap to tell them what it means and admit the “decrypted” wiretaps into evidence in criminal cases against them?
January 28, 2012, 7:36 pm ShelbyC says:
In Fischer, the contents of the documents were unprotected because they were written right there on the documents, there was no additional information from Fischer’s client’s mind necessary to determine what the document said. Turning the documents over to the government didn’t communicate their contents any more than a lawyer turning over a victim’s head with a gunshot wound that the lawyer’s client had given him in a cooler would communicate the fact that the victim had died of a gunshot wound. Compelling the client to say that the victim had died of a gunshot wound would be entirely different.
Here, however, no unencrypted copy of the hard drive exists except in some tortured metaphysical sense. The defendant is being compelled to communicate to the government what the unencrypted contents of the hard drive were, and she is being compelled to use her personal knowledge to determine what they were. This adds information to what the government has in exactly the same way that being compelled to tell the government that a document exists, to produce a document when the government doesn’t know where it is, does.
January 28, 2012, 7:50 pmShelbyC says:
John, I don’t think that this matters, for the reasons I and David S. have given, but in any event it isn’t true. The government has no knowelege if the Truecrypt-encrypted data has a recognizable structure and semantics or if it is other data, perhaps data encrypted with a different mechanism like a one-time pad. Presumably the order to provide a decrypted copy would force her to remove all forms of encryption, no?
January 28, 2012, 8:34 pmJon Shields says:
Actually, the way Truecrypt works is well known. It is even open-source. The government is asking for the Truecrypt-decrypted version of the hard drive.
Of course, perhaps the defendant wrote a Truecrypt look-a-like, and the data is really encrypted in some other way. In fact, maybe the data is just random noise. But all the prosecutor has to do is prove to the court by a preponderance of the evidence that there is in fact a Truecrypt-decrypted version, and the mere theoretical possibility that it is an elaborate fake is unlikely to convince the court.
January 29, 2012, 12:37 am
Jon Shields says:
The same could be said about the contents of a compressed zip file. Yet I believe courts can force defendants to provide a readable, plain English text version of documents. This is true even if no uncompressed version exists on any computer anywhere in the world. They can force the defendant himself to unzip the file, and provide it in an unzipped format to the prosecutor.
In fact, it goes even beyond zip files. Every file on every computer is stored as a collection of 1s and 0s that bear no intuitive resemblance to the plaintext the defendant is compelled to produce. The government does not need to confiscate a hard drive (which could be on the Internet, or in another country) to get access to the document — it can compel the defendant to decode the 1s and 0s, print it out, and hand it over. In fact, doesn’t this happen every day?
The only difference is that in this case, the defendant has a piece of information that would speed up the translation. This does not seem relevant in the least, according to current doctrine.
January 29, 2012, 12:45 am
Jon Shields says:
And to be clear, I do not believe an order to remove “all forms of encryption” would be valid, unless they could prove that some distinct thing existed behind it.
For example, if the government said “Produce the copy of form 1021X that you signed on November 20th and scanned into your computer,” and had a recorded call from the defendant to someone else claiming that he had the form, I think that would be a valid order. It doesn’t matter whether the document is on a computer or on paper, or on the Internet or encrypted. The defendant has it, the prosecutor convinced the court of that, and they have to turn it over.
Likewise, the government can ask for the decryption of a Truecrypt-encrypted drive. Only one such decryption exists (according to the Truecrypt spec), and the fact that the defendant could do so faster than the prosecutor seems irrelevant.
However, if the government says “hand over whatever you have after all forms of obfuscation/encryption were removed,” that would not be valid. They are not pointing to something that exists, is specific, and well-defined. If their order is about “anything decrypted” (rather than a specific document), they need to prove that there is such a decryption in existence (by a preponderance).
Likewise, if one has an outer Truecrypt volume (with free space being random noise), and an inner, hidden Truecrypt volume (that is mathematically indistinguishable from the random noise), the government can’t say “produce the plain text of the inner volume.” Why? Because they can’t prove an inner volume even exists. (That’s the whole point of having an inner volume — determination that it exists is impossible without the key.)
The thing that characterizes all of these examples is whether the thing they are asking for exists, is specific, and is well-defined.
January 29, 2012, 1:00 am
David M. Nieporent says:
No. The government is not missing what the documents mean, and she isn’t being asked to say what they mean. She’s being asked to produce an accessible copy of the documents; what they mean is still up to the government to determine on its own.
You and Shelby persist in acting as if using encryption software destroys the documents and creates entirely new ones. Outside of a computer science textbook, nobody would look at it that way. There is no reason to think of encryption as any different than a password, for Fifth Amendment purposes, or for that matter for just about any other purpose, and I don’t think you’ll find any court that will. Now, you can decide that this means that courts just don’t understand computers, but there’s no reason that courts need to care about that distinction for Fifth Amendment purposes. Functionally, from the point of view of a computer user as opposed to a computer scientist, they’re identical. As I said above, in one case you type in a string of characters and the computer reveals your original documents; in the other case, exactly the same thing happens. It does not serve the purposes of the Fifth Amendment to treat them differently.
January 29, 2012, 3:36 am
ShelbyC says:
I’m not sure what you mean when you say documents, in this case. In Fisher, the evidence that the government was entitled to examine consisted of physical documents. Here the evidence consists of a hard drive. The government is fully able to examine the hard drive. There are no documents that exist on the hard drive that the government doesn’t have access to. The only “documents” involved in this case are, again, metaphorical.
Suppose Fricosu hadn’t used a computer to store her information. Suppose she had encrypted it by hand, using a key that existed in her mind, and written the cyphertext on a piece of paper. Could she be forced to produce a decrypted copy of that paper? If not, how is this different?
January 29, 2012, 9:47 am
ShelbyC says:
Why? Suppose that the government could prove that the document existed somewhere in Yosemite National Park. Since the government could find it by looking in all of Yosemite, could they force the defendant to produce it on the theory that he could do so faster than the prosecutor?
January 29, 2012, 10:06 am
ShelbyC says:
Decoding 0’s and 1’s typically doesn’t require the defendant to provide information known only to her. I’d imagine that if the information were encoded in some custom encoding known only to the defendant, requiring her to decode it would violate the 5th amendment.
I’d be interested to hear your response to the hypo I gave David: If the defendant encrypted information by hand and wrote the cyphertext on a piece of paper, could she be compelled to produce a decrypted copy of the paper?
January 29, 2012, 11:10 am
David Schwartz says:
So why treat information in someone’s head as any different from information on a piece of paper in a safe only that person can open? Other than in some metaphysical, philosophic sense, a brain is no different from a piece of paper.
If you’re going to accept these kinds of arguments, there will be nothing left of the Fifth Amendment except production immunity for the direct information provided. Here, the government seeks incriminating information that, so far as we know, exists only in the memory of the person the government wishes to use it against. The very thing the Fifth Amendment was intended to prevent won’t be prevented by it.
January 29, 2012, 2:15 pm
ShelbyC says:
The distinction between a password-protected hard drive and a hard drive with encrypted data is the same as the distinction between a piece of paper locked in a safe, and a piece of paper with ciphertext hand-written on it. If you’re saying that there is no legal distinction between those things, fine, but I don’t think that that’s what you are saying.
Here, the government doesn’t have a hard drive with data on it that it can’t access for some reason, it has a hard drive with ciphertext stored on it. If you’re suggesting that it makes a difference, for 5th amendment purposes, that the ciphertext is stored on a hard drive and not written on a piece of paper, can you explain what that difference is?
January 29, 2012, 3:26 pm
ShelbyC says:
Of course, she could also give the cops what she says is an unencrypted copy of the hard drive, but with the incriminating information removed. But I guess that would be perjury as well. So her choices are, tell the cops what the incriminating information is, be held in contempt, or commit perjury. Hmm.
January 29, 2012, 3:59 pm
Jon Shields says:
I would agree with your second statement, if the prosecution has no other information. If the prosecution can’t prove that there is a well-defined decrypted version, they can’t compel the production of it. They can’t just say “give me whatever appears behind this set of random-looking bits,” because they can’t prove that anything exists behind the random looking bits (by a preponderance).
However, if the prosecution can prove that the defendant has a copy of a specific form (that is specific and well-defined), I believe they can force the defendant to produce it (regardless of what encoding it is in).
I don’t believe a decrypted Truecrypt hard drive is legally different. They can prove by a preponderance that a well-defined decryption of a Truecrypt hard drive exists (since the computer itself says it is encrypted by Truecrypt, and by the way Truecrypt works).
You are correct that the defendant is the only one that knows something that would facilitate obtaining the decryption in a reasonable amount of time. And if the case law said that the only transformations the prosecution can force the defendant to make are transformations the prosecution could otherwise make itself, you would be correct. But I don’t think that is a fair reading of the current doctrine; it doesn’t seem to say that. (If it did, it would just as much rule out the compulsion of a specific dated form, depending on how it was stored.)
The only thing the current doctrine speaks of in this case is existence of something specific/well-defined. If an unzipped file can be said to exist (with the defendant being forced to unzip), then so does a decrypted Truecrypt document. The fact that the defendant can do it more quickly seems irrelevant.
The only reason they can compel the Truecrypt decryption is because they can prove (by a preponderance) that Truecrypt was used to make the encryption. If they pick up a bunch of random-looking numbers and letters on a piece of paper, with no information as to what they are, the prosecutor cannot compel a transformation (since they can’t prove that the random numbers/letters represent something that exists, is specific and well defined).
On the other hand, if the defendant admits that the random numbers and letters on a piece of paper are the output of a Truecrypt encryption, I believe the answer would be no different than if the defendant admitted the numbers and letters on the paper were the output of a known file-compression program.
January 29, 2012, 5:03 pm
Jon Shields says:
Here’s a hypothetical that (I think) gets at what I’m saying.
Imagine if the defendant provably used a version of Truecrypt that only allowed numeric keys up to 2 digits long. It is provable (based on the spec) that exactly one number from 0-99 produces plaintext, in every case.
Would this really be any different than the zip file? Why can’t the prosecutor demand that the defendant produce the plaintext?
If you believe that the only transformations that can be compelled are ones that the prosecutor could otherwise do in a reasonable amount of time, then that would allow this transformation but ban compulsion of one with a longer key.
But if you instead believe (as I do) that all that matters under current law is the existence of something specific and well-defined (and not practicality), the two cases are indistinguishable.
January 29, 2012, 5:19 pm
Stephen Lathrop says:
Angels and pins, with the purpose of the 5th Amendment nowhere in sight. Anything that requires the agency of the person against whom a warrant has been sought should be ruled out—to keep government from torturing that person. The warrant should entitle the government to unlimited physical access to the place described, and the ability to take what it can find. The warrant authorizes government agency, not compelled agency by the person the government seeks to criminalize. End of story.
I think what this issue is really about is that the government has become accustomed to receiving quantities of “plain view” evidence consequent to using warrants. Encryption would block some of that, in ways the authors of the Constitution seem to have been willing to protect:
Plain view evidence is never particularly described, but custom has admitted it. What about that custom also removes the right of citizens to keep it from view?
January 29, 2012, 5:29 pm
Jon Shields says:
I am talking about what current case law allows. Current case law allows a defendant to be forced to do lots of things that would violate your test. Your approach was the approach of the Supreme Court in the late nineteenth century, but those decisions were overruled long ago.
January 29, 2012, 6:52 pm
Jon Shields says:
“Plain view” has nothing to do with this. That is a 4th amendment question, which might matter if the government didn’t have a warrant. But they did have a warrant here.
January 29, 2012, 6:55 pm
htom says:
There seems to be confusion between the legal system’s English, the programmer’s English, and the cryptographer’s English, regarding the words “key” and “password”.
The legal system seems to think that they are exact synonyms.
Programmers think that passwords allow access to data or systems, and that keys are used to encrypt and decrypt data.
Cryptographers think that passwords are used to generate seeds, which can be used to generate keys, which are used to encrypt and decrypt data.
Sloppy speaking and listening (and writing and reading), especially in and by those who are not intimates of the deep details of each mode of communication, are probably most to blame.
January 29, 2012, 7:00 pm
David M. Nieporent says:
Are we back to this? No; her choices are, turn over the documents (without telling them anything), be held in contempt, or commit perjury.
January 29, 2012, 7:17 pm
Stephen Lathrop says:
Jon Shields, why would anyone who thinks case law is necessarily dispositive even bother with a debate that takes as its starting point the notion that some (novel?) occurrence has interesting implications—only to resolve questions about whether case law says this, or case law says that, right? Doesn’t that make the Constitution disappear? Which brings me back to my point about plain view evidence.
But maybe there is something I don’t understand. Are you saying that a warrant would entitle the government to seize anything and everything at a search site, even without a plain view precedent? Are you saying that because of the case law the language, “…the persons or things to be seized” now means nothing at all?
January 29, 2012, 8:18 pm
ShelbyC says:
It would appear that you are using “turn over” in an unusual sense meaning “create, using knowledge that only exists in your brain.” The government already has all the documents. The only reason that the government has to believe that the documents she creates and turns over is a decrypted copy of the hard drive is her communicative assertion that she created it using the same key that she used when she encrypted it.
January 29, 2012, 9:03 pm
ShelbyC says:
Fair enough. But I’m still not clear on how the decrypted copy is evidence of anything. Suppose the output, in this hypo, is a 10-digit number that is the telephone number of a murder victim, and the cops wish to use this as evidence. How do they show anything without relying on the defendant’s assertion that she decrypted the information using the same key that she used when she encrypted it?
January 29, 2012, 9:27 pm
David M. Nieporent says:
No, I’m using it in the normal sense. Nothing needs to be “created,” because encryption does not destroy the documents. It just makes them inaccessible, like a password does.
January 29, 2012, 11:34 pm
David M. Nieporent says:
No; only in some metaphysical, philosophic sense is a brain the same as a piece of paper. This reminds me of when you tried to claim that copying copyrighted material to RAM is the same as ‘copying’ it to your retina. You get far too hung up on form over substance. The fifth amendment is not intended to keep “information” from the government. It’s to keep you from being forced to testify against yourself. Why we treat information in someone’s head as any different from information on a piece of paper is because the Fifth Amendment is intended to keep the government from extracting information from defendants’ heads (and using it against them), not to keep the government from obtaining the information.
I don’t think you understand at all what the Fifth Amendment was intended to prevent. It is not a way to hide evidence from the government. “Nothing left of the Fifth Amendment except production immunity for the direct information provided” is like saying that if you don’t let lawyers assassinate witnesses then there will be nothing left of the Sixth Amendment except the right to have a lawyer speak for you in court.
January 29, 2012, 11:40 pm
Jon Shields says:
Unlike David Nieporent, I do not believe that the output of the decryption can simply be introduced at trial without independent authentication. The court has been fairly clear that while the contents of the documents are not protected, anything derived from the “testimonial aspect” of the act of production cannot be used. The testimonial aspect would be the admission of the existence, possession, and authenticity of the documents. In this case, the existence and possession were foregone conclusions (allowing them access to the contents). But the authenticity is not.
Since in returning the decrypted documents to the prosecutor, the defendant is admitting (through the contents of their own mind) that the returned document is in fact the correct decrypted document, anything derived from that admission (and not independently from that admission) cannot be used.
So I think, in your hypothetical, it really depends on what use the prosecutor tries to make of the phone number. I don’t think the prosecutor can just introduce the phone number as evidence at trial, and say that it was found in the possession of the defendant. (That would seem to be using the proof of authenticity the defendant implicitly gave when returning the decryption, and thus would seem to be protected by act-of-production immunity.)
But if instead, the prosecutor called the number, talked with the person on the other end, and that led to other evidence, that other evidence (assuming it could be authenticated) could be used to convict the defendant. That other evidence would be derived from the contents of the decryption (which is fine), but it would not be derived from the testimonial aspect of the act of production of the decryption (in this case, the testimonial assertion that this plaintext is in fact the decryption).
January 30, 2012, 12:08 am
Jon Shields says:
I actually missed the fact that the 10-digit number was a number of the murder victim. In that case, the number would probably be useless at trial (since the prosecution can’t prove the number is the authentic decryption of the encrypted hard drive without violating the act of production immunity).
The only way it might be useful is if the number was previously unknown to the prosecution, and the prosecution used the phone number to find other evidence (perhaps listening to the voice mail).
January 30, 2012, 12:14 am
ShelbyC says:
Who says that anything was destroyed? There’s no evidence that an unencrypted version of her hard drive never existed.
But in any event, it doesn’t make them inaccessible like a password does, it makes them inaccessible like a cypher does (well, not like a cypher, it uses a cypher). A password makes the documents inaccessible like a safe does.
And unless you’re arguing that there’s no difference, for 5A purposes, between a safe and a cypher, (and if you are please say so) then the safe analogy doesn’t work.
January 30, 2012, 12:23 am
ShelbyC says:
Thanks for the thoughtful response. But the 5th amendment protects derivative use as well, right? For example, when the prosecutor calls the phone number in the decryption, to follow your scenario, isn’t he also relying on the testimonial assertion that this plaintext is in fact the decryption? This is a little different from the situation in Fisher, where the lawyer could hand over the physical documents and the accountant could look at his signature or something and say, yup, this is what I prepared. Here, the contents of the document consists of nothing but content generated by the defendant, so doesn’t any use at all rely on the defendant’s assertion that her decryption is the correct one?
January 30, 2012, 12:44 am
Jon Shields says:
Yes, it does protect derivative uses of the testimonial aspect of the act of production.
But in my scenario, the prosecutor isn’t relying on that. They are just listening to the voice mail and going from there. The prosecutor could have done the same thing if the phone number just magically appeared in the mailroom, or given to the prosecution by the phone company. They can’t rely on the fact that the defendant had the phone number, but in this case, they are not doing so.
Another example might be that the decryption reveals a video of a crime (or perhaps the location of a safe deposit box with that video). I think the prosecution can present that video, as long as they don’t say that they found it in the defendant’s computer.
January 30, 2012, 12:52 am
Jon Shields says:
I’m not saying that I cannot be wrong about my interpretation of the case law. Maybe I am wrong. The Supreme Court may have a different interpretation of their past rulings, if this case reaches them. Or maybe they’ll overturn their past case law.
But you made a different assertion. You said:
The exact opposite has been ruled by the Supreme Court in other cases. For decades, courts have been forcing defendants to turn over documents that the prosecution could not otherwise obtain (in certain circumstances).
You are attempting to apply your broad principle — something the Supreme Court has consistently rejected for decades — to this case. All I am saying is that the case law forecloses your broad principle. Maybe there is a narrower principle that prevents compelled decryption that is consistent with case law (and maybe I am wrong in claiming otherwise). But your principle is certainly wrong, unless you are merely arguing that the Supreme Court should reverse itself.
January 30, 2012, 12:58 am
ShelbyC says:
I’m not sure I understand in what sense they’re not relying on the fact that the defendant had the phone number. Given the fact that the entire content of the information being provided by the defendant was generated by her, doesn’t any use at all rely on the defendant’s assertion that it was decrypted using the same code she used to create the cipher text?
January 30, 2012, 9:32 am
Jon Shields says:
I don’t think they would necessarily need to use the fact that it was generated by her or provided by her. For example, if someone (not a defendant) just dropped off an address to the prosecutor’s office, and they went and found a body at that address (with forensic evidence linking the body to the hypothetical defendant), they would be able to use the evidence.
I don’t see how that is any different than using the address from a decryption provided by the defendant. Sure, it was provided by the defendant, but the value they get from the address is just that they know the address (just as if it magically appeared in the prosecutor’s office). The value comes purely from the contents — not the act of production.
The jury isn’t going to hear that the address came from the defendant, or (in this case) anything about the process of finding the address at all. They are just going to see the body, and the genetic evidence on the body linking the body to the defendant. There is no express or implied hint to the jury that the defendant had anything to do with locating the body; they would probably just assume it was normal police work.
January 30, 2012, 11:57 am
ShelbyC says:
Just to be clear, we’re talking about derivative use, right? For example, if the address in your example was found on the defendant’s hard drive, the prosecutor couldn’t factor the fact that the address was found on the defendant’s hard drive into his decision to go to that address. If they could show that they would have gone to that address even if it had turned up by coincidence in random data, then that might work, but that seems awfully unlikely. Or am I misunderstanding?
January 30, 2012, 12:10 pm
Jon Shields says:
The prosecutor is allowed to use the fact that the address was on the defendant’s hard drive to decide to go to the address. That is a derivative use, but it is derivative of the contents of the drive. That type of derivative use is perfectly fine; the entire point of the contents not being protected is so that the prosecutor can use the contents.
What they can’t do is use the fact that the address was found on the hard drive to convince the jury of anything. (For example, they can’t say “the defendant knew about this address of a common crime clearinghouse, so convict the defendant.”) That would be a derivative use of the testimonial aspect of the act of production.
The distinction here is the same as in the case of a normal subpoena for a document (without encryption). If the government is prosecuting a defendant for tax evasion, and in response to a subpoena, they get back a how-to guide for tax evaders (that doesn’t have the defendant’s name on it), they can’t use the defendant’s possession of the how-to guide as evidence unless the existence, possession, and authenticity of the document were already a foregone conclusion.
But if they find the address to a safe deposit box that contains other evidence, they can use the other evidence. That is ultimately a derivative use of the documents, but more specifically, it is a derivative use of the contents of the documents (not a derivative use of the fact that the defendant had the documents).
January 30, 2012, 9:03 pm
Jon Shields says:
Or to be more specific, you are correct that every use of a document provided by the defendant is by definition a derivative use of the act of production. But that isn’t the question; the question is whether it is a derivative use of the testimonial aspect of that act of production, or only a derivative use of non-testimonial aspects of the act of production (such as the contents).
January 30, 2012, 9:07 pm
ShelbyC says:
But here the act of production has an additional testimonial aspect not present when turning over unencrypted documents: it involves her generating the documents using the same code she used when she encrypted the drive, and the prosecutor is relying on her assertion that she used the same code that she used when she encrypted the drive. This makes the prosecutor’s knowledge of the contents of the documents derivative of this testimonial conduct, no?
January 30, 2012, 10:20 pm
Jon Shields says:
I’m not really sure the prosecutor is relying on that in its decision to go follow the evidence trail. One way to look at it is to ask: what if the prosecutor believed the defendant was providing a false decryption? In that case, they clearly are not relying on the assumption that the defendant decrypted it the same way — they are explicitly assuming otherwise. But they are still going to follow the evidence (as they would if they got an anonymous tip), just in case it turns up something.
I think you get the same problem with the document case; the prosecutor in that case would be relying on the fact that the defendant did produce the documents requested (implying that he had them in that form — just like an implication that the defendant used the same key). Yet those can still be used.
In both cases, I think you could say that the testimonial aspect of the act of production is relevant, only to assume/verify compliance with the subpoena. Once the prosecution convinces itself that the subpoena was complied with (in both the encrypted and non-encrypted case), the documents become sort of like a “black box.” It is as if they just magically appeared; they can’t tell the jury how they appeared, but they can use them for normal police work.
January 30, 2012, 11:40 pm
jd says:
Intrigued by the comment that the unencrypted document does not yet exist, I’ll just add something to muddy the waters. Every possible document exists on the hard drive!
January 31, 2012, 2:13 am
Consider a block of random data R. Combine that with your incriminating document D thus:
R (XOR) D => K1
K1 is the secret that reveals your crime, because of the reverse operation:
R (XOR) K1 => D
(I’ll bet you thought R was going to be the ‘key’. Stay with me here.)
Now let’s combine R with one of Aunt Millie’s recipes:
R (XOR) M => K2
and
R (XOR) K2 => M
So, R can be ‘decrypted’ to an incriminating document or a recipe, depending on what key is applied. And there’s no way to tell which is the ‘right’ key.
Any block of random data can be converted to ANY message by application of the right block of random key material.
-JD
jd says:
Intrigued by the comment that the unencrypted document does not yet exist, I’ll just add something to muddy the waters: *every* possible document exists on the hard drive.
January 31, 2012, 2:35 am
Consider a random block of data R. It can be combined with an incriminating document, D, of the same size to form a key, K1:
R xor D => K1
The key can transform the document to the random block and back:
D xor K1 => R
R xor K1 => D
Now, combine the same random block with one of Aunt Millie’s recipes:
R xor M => K2
K2 can transform the recipe to the random block and back:
M xor K2 => R
R xor K2 => M
So, now we have a single random block of data that can transform to the document or to the recipe depending on which key is applied:
R xor K1 => D
R xor K2 => M
There’s no obvious difference between these keys. They’re just two blocks of random data. There’s no ‘right’ one. A block of random data R can be transformed into ANY meaningful text by applying an easily determined key Kn.
-JD
jd says:
Sorry about the double post. I thought it had blown away my comment.
January 31, 2012, 2:37 am
-JD
Jon Shields says:
You are describing a one-time pad, where what you say is indeed true. There is no single “decryption;” any decryption is possible depending on the key (which must be as long as the hard drive itself).
But in this case, where Truecrypt was used, there is only one decryption and one key. That is how Truecrypt works; one key produces a valid file system, and all other keys do not.
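The contrast drawn in jd's and Jon Shields's comments above (a one-time pad "decrypts" to any message, while a short-key scheme with a recognizable structure has one valid decryption), as an added example that is not part of any comment and is not TrueCrypt's code. The keystream construction, the `VOL1` marker, the salt and all sample messages are constructed for illustration; the 0-99 key space follows the hypothetical earlier in the thread.

```python
import hashlib
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


# --- Case 1: jd's construction (one-time pad) -------------------------------
def pad_key_for(block: bytes, wanted: bytes) -> bytes:
    """Return the key K for which block XOR K == wanted (space-padded).

    Works for ANY wanted message no longer than the block, which is why
    no key is distinguishable as the 'right' one.
    """
    if len(wanted) > len(block):
        raise ValueError("message longer than the block")
    return xor_bytes(block, wanted.ljust(len(block), b" "))


# --- Case 2: short password + structure check (the 0-99 hypothetical) -------
MAGIC = b"VOL1"  # constructed marker standing in for a volume-header check


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> key, the step htom's comment describes (toy iteration count)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000, dklen=32)


def keystream(key: bytes, length: int) -> bytes:
    """Toy hash-counter keystream; illustration only, not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(password: str, salt: bytes, payload: bytes) -> bytes:
    """Encrypt MAGIC || CRC32(payload) || payload under the derived key."""
    body = MAGIC + zlib.crc32(payload).to_bytes(4, "big") + payload
    return xor_bytes(body, keystream(derive_key(password, salt), len(body)))


def try_open(password: str, salt: bytes, blob: bytes):
    """Return the payload if this password yields a well-formed body, else None."""
    body = xor_bytes(blob, keystream(derive_key(password, salt), len(blob)))
    magic, crc, payload = body[:4], body[4:8], body[8:]
    if magic != MAGIC or zlib.crc32(payload).to_bytes(4, "big") != crc:
        return None
    return payload


def valid_passwords(salt: bytes, blob: bytes) -> list:
    """Try every password '0'..'99' and list those that pass the structure check."""
    return [str(n) for n in range(100) if try_open(str(n), salt, blob) is not None]


if __name__ == "__main__":
    # Constructed sample data.
    R = hashlib.sha256(b"constructed random-looking block").digest()
    k1 = pad_key_for(R, b"D: constructed document")
    k2 = pad_key_for(R, b"M: Aunt Millie's recipe")
    print(xor_bytes(R, k1), xor_bytes(R, k2))  # same R, two "decryptions"

    salt = b"constructed-salt"
    blob = seal("42", salt, b"constructed payload")
    print(valid_passwords(salt, blob))  # only the real password survives
```
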
January 31, 2012, 2:59 am
ShelbyC says:
If they believed that the defendant was providing false decryption, but followed the address anyway, they would still be relying on the fact that the defendant provided it. As I said, if they can show that, had they believed that the defendant provided a false key, and the data she provided was random noise, and the address turned up by coincidence in the random noise, that they would check it out, then you may have a point, but that seems very unlikely.
January 31, 2012, 7:07 am
Jarbidge says:
Was Truecrypt the algorithm in this case? I didn’t see that.
But in any event, Truecrypt can be used with two keys, such that different keys result in different, valid, filesystems. Does that make a difference? If so, does N=2 result in a different legal situation than N=infinity[1]?
If the legal situation changes as N increases from 1 to VeryMany, what’s the shape of the curve? Does the legal situation change rapidly from N=1 to N=100, and then flatten, or does it not change much until N is in the thousands or millions? Or is the situation identical for all N less than the max possible number of decryptions, and then the situation abruptly changes?
[1] Is N=infinity for a particular ciphertext and a one time pad? I’d think the number of bits in the ciphertext would place an upper bound on N – a one bit ciphertext can only be decrypted two ways.
January 31, 2012, 11:56 am
jd says:
But what fun it would be to provide the authorities with a key that reveals any silly thing you want. The problem is to be able to provide such keys after the disk has been taken. I think a remote RAID 1 mirror xor’d with an innocent looking Windows filesystem would be just the thing.
January 31, 2012, 12:43 pm
Also, look at TrueCrypt’s hidden/decoy operating system option to avoid the issues of data leakage.
-John
Barry Kearns says:
Surely you are not advocating that legal decisions that set precedent for forced decryption legal principles should hinge on the specifics of the algorithm used (you are asserting TrueCrypt here)?
As I pointed out earlier, there are alternate algorithms that smoothly blend along the curve from jarbidge’s N=1 to N=absurdly-large-number, which allow for vastly more manageable keys than requiring a key length equal to the hard drive size (as a pure one-time-pad would require). It’s even possible to map the ciphertext repository such that it is entirely human-readable, and thus meets the criterion of being “unencrypted” for purposes of argumentation.
So let me restate my point: if a defendant were using one of the above-described (or similar) systems which supported some number of different decryptions higher than one depending on the key used, would it be constitutionally sound to compel the defendant to produce every valid decrypted result that they knew of… and if so, how could this not be seen as compelling testimonial self-incrimination?
January 31, 2012, 12:43 pm
Barry Kearns says:
Correct. The Pigeonhole Principle allows you to define the possible number of messages to decrypt using a one-time-pad to be equal to 2 to the power of the number of bits in the ciphertext. One more message than that violates the Pigeonhole Principle, since it guarantees that there must be two different results tied to a single key.
My apologies for not capitalizing in the previous message, Jarbidge. An inadvertent slip.
January 31, 2012, 12:50 pm
Jon Shields says:
I have already said that using Truecrypt’s hidden volume feature would prevent the prosecution from compelling anything. Why? Because they can’t prove the hidden volume exists. (That’s the point of Truecrypt allowing a hidden volume.) It is indistinguishable from free space on the outer volume.
If a key system allows exactly 2 distinct keys, and the prosecution can prove that the defendant can get both of the decryptions, then the prosecution can compel them both. (With the hidden volume feature though, they can’t prove the defendant even has a second encryption.)
So it’s really not a question of the curve as a function of N. It is simply a question of: does what the prosecution is asking for exist (independent of the mind of the defendant) by a preponderance of the evidence, and can they prove the defendant has access to it?
Ultimately, this is a mostly irrelevant question. As far as normal encryption systems go, secure systems with large ciphertexts and short keys can only have one key (or a hidden volume-like system). This is true with probability extremely close to 1; it is basically impossible for two short keys to map to two valid filesystems in a secure encryption system. You could of course make a very insecure system where lots of keys mapped to lots of things, but that would be easy to crack in no time by the prosecutor.
January 31, 2012, 7:13 pm
Jon Shields says:
First of all, I am not advocating anything. I am just trying to apply existing doctrine to this case. I’m not saying I’m thrilled with the existing doctrine.
But to answer your question, the law depends on whether it is more likely than not that what the prosecution is asking for actually exists. So ultimately, it is extremely dependent on the algorithm in question. In fact, if the prosecution didn’t know the algorithm, and had no other context as to what the information might be, they wouldn’t be able to compel anything. The only way they can compel anything is if they can prove what they are compelling exists.
In the case of Truecrypt (without a hidden volume), one can glance at the spec and know that there is exactly one valid decryption per ciphertext. So for a normal Truecrypt volume, the decrypted file system absolutely exists (independent of the mind of the defendant). Because the prosecution has already shown that the hard drive is encrypted with Truecrypt (and that the defendant is more likely than not to have access to the single decryption that exists), they can compel the data.
In the case of a one time pad, there is no such thing as a well-defined decryption. Something that can’t even be defined cannot “exist” outside the mind of the defendant. The prosecution can’t say “Produce the X,” because they can’t define what X is (and prove it exists) without the mind of the defendant.
January 31, 2012, 7:23 pm
Barry Kearns says:
But this would seem to argue against your position, since the combination of the possibility of a hidden volume, and the inability to determine whether one is present from an examination of the outer volume[1], the use of TrueCrypt at all would seem to create an issue of being unable to apply your distinguishing test without self-incriminating testimony from the defendant.
I’m assuming in this case that the distinguishing test between your two positions is whether or not a hidden volume exists. You seem to be asserting that if this is a “normal” volume, they can somehow compel production, but that the presence of a hidden volume would “prevent the prosecution from compelling anything”.
This seems to come down to the crux of the issue as I see it: squaring the specific order in this case (“requiring Ms. Fricosu to produce the unencrypted contents of the computer”) with the notion of having to specify what it is that actually “exists”.
From reading the order, the outermost layer of whole-system protection on the laptop in question was not TrueCrypt, but was instead PGP Desktop. Assume arguendo that, once the proper passphrase is applied to the Toshiba M505 in question, that an underlying file system is revealed, and amongst the various files within that filesystem are the program files for TrueCrypt, and one or more files that appear to be nothing more than pure binary data. Assume further that a copy of a program like KeePass (a password vault program) is also present, as well as browsers like Firefox.
If the outermost layer of PGP Desktop whole-disk encryption is removed, but the prosecution cannot examine in clear-text everything that may potentially be encrypted in some form (the binary files may contain TrueCrypt volumes, the KeePass data files contain encrypted data, and the browser password caches are likely encrypted as well), can the defendant rightfully claim that they have complied with the order to “produce the unencrypted contents of the computer”?
The output results from removing an outer whole-disk encryption does not necessarily fully decrypt other data contained within that volume. Does the order in question imply that the defendant must continue an iterative process until all previously-encrypted data at any depth is somehow available to the prosecution in cleartext?
How is this distinguishable from the case of TrueCrypt and hidden volumes? Prior to the defendant removing the outer layer of whole-disk encryption, the prosecution has no idea whether other further-encrypted data exists within that volume. Can the prosecution simply go on an iterative fishing expedition, requiring additional decryption on demand based on what they find?
The defendant was granted production immunity. How could this not be seen as derivative from that production?
February 1, 2012, 12:53 pm
Barry Kearns says:
For the previous post, [1] refers to ignoring the degenerate case of too little space being present on the outer volume to have allowed the creation of a hidden volume.
February 1, 2012, 12:55 pm
David Schwartz says:
The only way the prosecutor knows that the address was on the defendant’s hard drive is because he knows that address was provided to him by the defendant and he knows that the defendant decrypted the contents of her hard drive. So any use of the fact that the document was on her hard drive is derivative use of the fact of her production of the decrypted document. It is thus derivative use of the very things for which she has immunity.
Absent the knowledge that she produced the decrypted contents and that she produced them by decrypting the encrypted contents of her hard drive, how does the prosecutor know the documents were ever on her hard drive?
February 3, 2012, 12:00 am