Magistrate Judge Finds Fifth Amendment Right Not to Enter Encryption Passphrase:
Imagine the government seizes a suspect's hard drive and finds encrypted files inside. Can the government force the suspect to enter in his encryption passphrase so the government can view the decrypted files? Or does the Fifth Amendment privilege give the suspect a legal right not to enter in the passphrase? On November 29, Magistrate Judge Jerome Niedermeier in Vermont handed down the first opinion to squarely address the issue: In re Boucher. Judge Niedermeier ruled that the defendant did have a Fifth Amendment privilege in such circumstances. This is a hard issue, but I tend to think Judge Niedermeier was wrong given the specific facts of this case.
First, the facts. Boucher was crossing the border from Canada to Vermont when border agents began to suspect he had child pornography in the car. They saw a laptop in the back of the car and opened it up. It was not password-protected, and an agent began to look through it. (By way of background, the Fourth Amendment has an exception at the border that makes this search legal.) The agent came across several files with truly revolting titles that strongly suggested the files themselves were child pornography. The files had been opened a few days earlier, but the agent found that he could not open the files when he tried to do so. Agents asked Boucher if there was child pornography in the computer, and Boucher said he wasn't sure; he downloaded a lot of pornography on to his computer, he said, but he deleted child pornography when he came across it.
In response to the agents' request, Boucher waived his Miranda rights and agreed to show the agents where the pornography on the computer was stored. The agents gave the computer to Boucher, who navigated through the machine to a part of the hard drive named "drive Z." The agents then asked Boucher to step aside and started to look through the computer themselves. They came across several videos and pictures of child pornography. Boucher was then arrested, and the agents powered down the laptop.
Now here's where it gets interesting. Two weeks later a government forensic analyst started to analyze the machine. He created a "mirror" copy of the hard drive and then looked at the mirror to see what it contained. But it turned out that the part of the hard drive that was designated "drive Z" was encrypted with the popular software program PGP, and no one — no one, presumably, except for Boucher — knew the password. The government tried to guess the password and failed, so the grand jury issued a subpoena to Boucher ordering him to disclose the password to drive Z. Boucher's counsel then moved to block the subpoena, arguing that he had a Fifth Amendment privilege not to comply. The government responded that it would be happy to just have Boucher enter in the password without the government ever seeing it. The Court thus addressed only whether Boucher had a Fifth Amendment privilege not to enter in the password.
Judge Niedermeier ruled that Boucher did have such a privilege and quashed the subpoena. According to Judge Niedermeier, entering in the password would be testimonial.
On the 5A issue, I agree with the court on this one. It's up to the government to develop its own evidence, not have it handed to it on a silver platter.
At any rate, the penalty for refusing the subpoena should be less than for possession of kiddie porn, so Boucher would be inclined to tell the investigators to screw themselves regardless.
Boucher won't be "bringing" the files to the police in response to an order to incriminating files; he will merely be opening the door to the safe that we all know is his and that we seem to know he knows how to open.
I think this is why analogies to the physical world don't (or shouldn't) apply. If the action/information would result in additional counts of the same crime they already have evidence for, would that not trigger 5A? If it were a physical safe, would a contempt charge result even if the police owned a cutting torch?
I never understand these kinds of facts. When asked to enter the password the first time, why didn't he say "no"? Why on earth would he waive his miranda rights?
i disagree and here's why. at least as i have been taught, this is a 5th amendment issue, and the right not to be a witness against oneself, incriminate oneself, etc. refers to testimonial evidence. you cannot force (even by subpoena, warrant, or whatever), somebody to TESTIFY against themself (confess, etc.)
you most certainly can force them to provide EVIDENCE against themself - such as (given appropriate orders, warrants, etc. ) - DNA, check their hands for offensive/defensive wounds, blood sample for alcohol analysis, etc.
this is just such a case.
part of the way the govt. develops "its own evidence" is by (assuming they have the necessary probable cause, order, etc.) searching for evidence, and compelling it be turned over.
he absolutely established that he had an expectation of privacy - especially since the files were encrypted. that means the govt. has to establish PC etc. to search the hard drive. which they had. the fact that he encrypted it does not mean they have no authority to do so, nor does it mean he has some kind of (invented) right not to turn over the password given proper PC and court order.
otoh, if he said he FORGOT the password, could they really prove beyond a reasonable doubt that he was lying about that?
When you say you agree with the Court, I gather that means you disagree with me; I'm curious, where do you think I go astray?
Oops, I guess not. Maybe "roslton"
Oops, I guess not. Maybe "soltron"
Oops, I guess not. Maybe "noslot"
Oops, I guess not. Maybe "tlosron"
Oops, I guess not. Maybe "thiscangoonforever,chump"
a smart person would have said "i can't remember the password right now, i'm so stressed out".
" Why on earth would he waive his miranda rights?"
this has been explained about a million times. there are all sorts of reasons why people waive miranda, due to a # of issues. you have to look at it from a psychological angle. also note that waiving miranda is NOT necessarily against your best interests. i have seen many many cases where suspects waiving miranda helped them out significantly.
i'd analogize this to a DUI case. assuming the person is in custody (differentiating from the traffic stop which is an investigative detention up until the point it becomes a custodial arrest), and thus since the guy is now in custody, triggering miranda assuming interrogation was to begin.
the 5th, and the flawed reasoning behind miranda included, does not mean one would have to mirandize the person before asking them to perform field sobriety tests. why? because nystagmus, walk and turn, one leg stand, etc. are not "interrogation", and they are not likely to elicit an incriminating response - testimony.
they are a search for direct evidence, not testimonial evidence.
cops can search the hard drive if they have PC and a warrant, or consent.
the fact that its encrypted is irrelevant to the above. it's still evidence, they have the authority to search.
people have rights, the state has authority(s) or in the case of eric cartman "authoritah".
he doesn't get some kind of magical pass because he chose to use encryption.
as long as the cops can establish that they have PC to search the hard drive, and they have the order, they have the authority. thus, he has no "right" not to tell them the password, any more than he has the "right" to stand behind the door of a house they have authority to search and not let him in, or he has the right to keep them from poking a needle in his arm to draw blood (assuming they have PC for that, etc.).
they certainly couldn't ask him "did you put these files on the hard drive" etc? without mirandizing him, nor could they compel him to answer. i also think that since they can COMPEL him to give the password, they should not be able to introduce as evidence - the fact that he knew the password, based on the fact he gave it to them. if they can otherwise establish it - through his testimony etc. (i know the password and im not telling), fine.
There are no publicly known such insecurities in the PGP product.
"The agents powered down the laptop" Oops...
I agree that once he disclosed the contents the first time, he abandoned the protection of the 5th (unless he was contesting he was under duress the first time around).
child pornography in the car.
How exactly did that work, one wonders? "Is it just me, or does the guy in the red Toyota in lane 5 look like he's got child porn on his mind?" "Gadzooks, you're right! Let's pull him over!"
I'm sure there's some kind of story there, but it's a bit mystifying as written.
Are you sure they need reasonable suspicion? The district court in Arnold said so, but that's just a district court in California and (based on the oral argument) is probably about to be overruled by the Ninth Circuit anyway.
Am I correct in reading this to mean that the 5th Amendment means I don't have to give the police the combination to my safe, but doesn't mean I can refuse to give them a physical key? To a naive non-lawyer like myself this defies logic, but if it's right then I don't see why a combination is more privileged than a password.
However, if he hadn't shown the files to the officers already, then I'd agree with the judge and he should not be compelled to give up the password on 5th amendment grounds.
The UK has a law that compels disclosure upon demand. It's a law that I happen to disagree with.
Yes, I'm one of those non-lawyer types who just happens to read this blog daily.
My sense is that these cases come up in various disturbing ways: very young children's clothes in the car but no children, a person who has been under suspicion before, etc. I suppose I could have called up the lawyers and tried to get the full story, but it's not actually relevant to the legal issues raised in the case and those facts aren't in the opinion.
(1) The government has one dead body and blood evidence that someone was in violent contact with a second missing person, i.e. an admission that "Sure, that bloody shirt is mine."
(2) Then obtains a subpoena requiring the (guilty of one, a definite suspect of a second) murderer to reveal the location of the second body.
I don't think you would argue that providing (2) is not communicative. But by Orin's argument, it's just the location of an object. If I'm not picking up on something, please explain.
This is why law school is no fun.
This is based on a statement in the dissent in Doe v. United States, 487 U.S. 201, where Stevens says:
The majority addresses this by saying that the situation was more analogous to a key than a combination. In this case though, it seems that the password is closer to a combination, so--at least based on that wisp of precedent--the judge here was right.
But note that Boucher was not being compelled to reveal the password; he was only being compelled to use it. I think that responds directly to Stevens' argument.
As to the foregone conclusion doctrine, if it really has only been used in previous cases for the production of documents and other physical things, the same analysis applies.
Orin, I understand that you think the law should be different, but how do you distinguish this from the safe combination? It seems like, at least in the average case, we would know who the safe, and therefore the contents of the safe, belong to. I suppose if there is an apartment or business office rented in a false name or by a dummy corp, we might not know. But if it's in someone's home, the safe belongs to the homeowner too.
I don't understand your hypo. Can you clarify who says what, who is the suspect, and whose shirt is it?
David Schwartz,
Can you quote the passage of Hubbell that you think is dispositive here?
I am puzzled by your comment on several grounds. First, I didn't say I think the Supreme Court law should be different. I don't know why you seem to believe otherwise.
Second, the caselaw suggests that handing over a key is okay but disclosing a combination would not be. Why do you think that entering in a passphrase but not disclosing it is like disclosing a combination but not like handing over a key?
How does it help that he's only being asked to use it? First off, "just" opening the drive gives up all testimonial aspects of using the password; ie., z drive is mine, or at least I have access and control over it. Secondly, officers could easily turn their backs while someone enters a combination to a wall safe for example.
That being said, a previous poster mentioned that this was dicta in a dissent, therefore it has little to no precedential value.
Now, whether that is trumped by his previous waiver where he (at least arguably) showed such control, knowledge and access I'm not sure--but I think the magistrate would be on pretty firm grounds without such waiver.
I think I answered your second question in my subsequent post. As to your first question, I was assuming that the quoted portion was from the majority, as it doesn't indicate otherwise, and actually, as it's a series of ID's, you can't tell the case.
The distinction arises from the fact that the Federal right against self-incrim uses the term to "testify" against himself. In the 18th century, there were no forensic tests.
In a DUI case here I argued that the state bill of rights, which says no one may be compelled to "give evidence" against themselves was broader and should cover a breathalyzer. It got shot down, of course.
I didn't mean that in the sense of a heightened standard. It just seems a bit odd, as alkali notes, that they didn't see any evidence until they powered up the laptop. The search itself was not random - the agents claim to have had SOME suspicion, but it isn't obvious from what is written what that suspicion was based on.
Don't argue in bad faith, Orin. You know Fisher was wrongly decided.
The disagreement with the judge seems to be completely closed down by a quote further in the "Doe II" case cited in the opinion. The majority talks about how this is more like a key than a combination. Shortly after that they talk about why it is not a combination (ie., why it doesn't prove control of the bank accounts at issue in Doe II).
Given that quote, how does the password not testify that a SPECIFIC drive and the contents of that drive are controlled by Defendant?
Would you hold the same opinion if the suspect confessed before being Mirandized but then wouldn't confess after being Mirandized? Presumably, the suspect *should* under your logic, have to confess again, because the police would just be getting back to where they already were. And the contents of the mind were just being produced again for the convenience of the authorities.
I can see your point, but I have to say I side more with the judge, here. I'm not sure yet if that's just because I don't feel like the courts should bend over backwards to rescue official stupidity (they powered down the laptop!?) or because I think the legal analysis is better than yours.
I think your argument is a loser because of the combination/key case, and I'm not convinced that "the police know he knows the password" is enough to get you out of that rule.
Because demanding a password is more like demanding a combination (information in the brain) than handing over a physical object. There is no substantive difference between saying a password and entering it onto a keypad.
Professor Kerr, do you know of any cases in which a defendant has been compelled to produce information from his brain over a Fifth Amendment challenge?
Boucher's entering in the password won't amount to Boucher's testimony about anything they don't already know in the context of this case.
This is utterly irrelevant. A defendant can tell a cop, "I killed my wife" one minute, and take the Fifth the next minute when the cop asks him to repeat it. It's not like the Fourth Amendment where once the idiot hands his pot to the cops, it belongs to the cops forever.
This case also shows how utterly stupid so many of our clients are. This dude goes through all the trouble of encrypting his hard drive, but then voluntarily shows the contents to the cops. Moron.
Further, why is the Government going through all this trouble? As you said, they can already put the agents on the stand, have them describe the images they saw, and send the guy to prison. Child pornography charges bring huge sentences for only a few images. Plus, creative prosecutors could find other charges to stack on this guy.
To this end, I think there should be an exception to the 5th Amendment similar to the hearsay exception, you can't use testimony for its truth value, but you can use it for other purposes. For example, if someone tells you where the murder weapon is (under torture or otherwise) you can still go get the weapon and use it as evidence against them. If they were tortured to get the gun, the people torturing him should be charged with a separate crime.
The reason for this is that the constitution should protect the innocent and not the guilty. Allowing tortured confessions runs the risk of leading to the conviction of innocent people. Using the testimony to get other evidence will not cause any trouble for innocent people, because an innocent person wouldn't know where the evidence was.
To apply this idea to the instant case, I don't think that it should be allowed to ask this guy whether he downloaded the porn, or if he knew that it was there, but you should be allowed to force him to hand over the password. The only possible problem I could see here is that admitting to knowing the password is likely testimonial, insofar as it may go to show that he had possession of the porn. Theoretically, the police could get the password through other methods and tell him what it was and force him to admit that he knows it. There is an easy solution to this though, admit the porn found on his computer and bar his "testimony" that he knew the password.
* * *
These bring up an interesting ethical question. If I lose a challenge like this and if all appeals are exhausted, can I advise my client to disobey a federal court order if I'm convinced that he's better off accepting a civil contempt penalty than the criminal penalty he would face if the government got the information he had? I imagine not.
But I could see giving advice like, "Here are your choices. 1) provide the information and go to prison forever for child pornography. 2) Face a civil contempt prison term for a maximum of ___ years. As an officer of the court, I cannot consider your best interests, and I must advise you to turn over the information even though if you don't, it will save you decades in prison."
The more interesting question, which I'd like to hear people's speculation about, is whether the government really can't break PGP (and if it could, it would not need the password at all), or whether it's just not willing to admit that it can break PGP in the context of prosecuting a child pornography possession case.
Google "steganography." You'll be amazed at what people in the encryption field have devised.
I'm interested in your response to AnonLawStudent's hypo, where there's good reason to believe that a body is hidden somewhere, and the suspect is subpoenaed to tell officers where it is... and when that doesn't work, subpoenaed to take blindfolded officers to the body.
I can't quite tell from your post - are you arguing that the judge was wrong only because we already know that he knows the password? In other words, would the decision have been valid if either a) he had never previously demonstrated his knowledge of it, or b) the government was still demanding the password itself?
My hypo is this:
(1) Police ask a guy [Boucher] crossing the border to open his trunk. They find that he has a dead body #1 [kiddie porn Set 1] in the trunk. While examining the car, they also find a shirt that is covered in blood. When asked, the guy says "Sure, that shirt is mine." When the shirt is analyzed, the police determine that it has blood from missing person #2 [kiddie porn Set 2] in sufficient quantity to indicate missing person #2 is dead.
(2) The police obtain a grand jury subpoena requiring the guy to disclose the location of dead body #2.
What distinguishes disclosing the password verbally versus disclosing it by typing it in? Is it possible to prevent the government from gathering evidence as he performed his compelled action, such as by watching him type it in, by logging the keystrokes, or by fingerprinting the keyboard afterward?
Given the way PGP works, the correct analogy isn't really to having files in a combination-locked wall safe. It's having files in a keyed strongbox, where the only key is in a combination-locked wall safe. (And where both the strongbox and wall safe are stronger than physically possible.)
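The two-layer structure this comment describes (a random data key that actually encrypts the files, itself locked under a passphrase-derived key) is the standard "key wrapping" pattern. The following is an added illustration of that pattern, written for this page; it is not PGP's real file format or code. It uses only the Python standard library: PBKDF2 turns the passphrase into a key-encryption key (the "combination"), that key wraps a random 32-byte data key (the "strongbox key"), and the data key encrypts the content. The cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag (encrypt-then-MAC), chosen so the example runs offline; a real implementation would use AES-GCM or similar. The consequence worth seeing in code is that changing the passphrase re-wraps only the key and leaves the file ciphertext untouched.

```python
import hashlib
import hmac
import os
import struct

# Added illustration (not PGP's format) of a two-layer file-encryption design:
# the passphrase never encrypts the file; it only unlocks a random data key that does.
# Cipher: HMAC-SHA256 in counter mode as keystream, plus an HMAC tag (encrypt-then-MAC).

KDF_ITERATIONS = 200_000  # assumed work factor for the passphrase KDF


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` pseudorandom bytes (HMAC in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, using separate sub-keys for encryption and MAC."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def _decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then undo the XOR. Raises ValueError on a wrong key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or corrupted data")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def _kek_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    """Derive the key-encryption key (the 'combination') from the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS, 32)


def lock_file(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt data under a fresh random data key, then wrap that key under the passphrase."""
    data_key = os.urandom(32)  # the 'strongbox key'; never derived from the passphrase
    salt = os.urandom(16)
    kek = _kek_from_passphrase(passphrase, salt)
    return {
        "salt": salt,
        "wrapped_key": _encrypt(kek, data_key),       # the 'wall safe' holding the key
        "ciphertext": _encrypt(data_key, plaintext),  # the 'strongbox' holding the data
    }


def unlock_file(passphrase: str, container: dict) -> bytes:
    """Unwrap the data key with the passphrase, then decrypt the content."""
    kek = _kek_from_passphrase(passphrase, container["salt"])
    data_key = _decrypt(kek, container["wrapped_key"])  # a wrong passphrase fails here
    return _decrypt(data_key, container["ciphertext"])


def change_passphrase(old: str, new: str, container: dict) -> dict:
    """Re-wrap the data key under a new passphrase; the file ciphertext is untouched."""
    data_key = _decrypt(_kek_from_passphrase(old, container["salt"]), container["wrapped_key"])
    salt = os.urandom(16)
    return {
        "salt": salt,
        "wrapped_key": _encrypt(_kek_from_passphrase(new, salt), data_key),
        "ciphertext": container["ciphertext"],
    }


if __name__ == "__main__":
    box = lock_file("correct horse", b"constructed sample document")  # constructed input
    print(unlock_file("correct horse", box))
    box2 = change_passphrase("correct horse", "new phrase", box)
    print("ciphertext unchanged after passphrase change:", box2["ciphertext"] == box["ciphertext"])
    try:
        unlock_file("wrong passphrase", box2)
    except ValueError as err:
        print("rejected:", err)
```

The design point for an examiner is that guessing the passphrase is the only route through the outer layer; the salt and iteration count exist precisely to make that guessing slow, and a wrong guess is detected at the wrapped-key tag before the data is ever touched.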
The government can take stuff from you (keys, blood, even stomach contents) but they can't make you say anything or do anything. Is there any case law out there that requires a person to talk or act?
And I wholeheartedly agree with you.
I believe such a product (or one very similar) does in fact exist. I don't remember the name, but I think what it does is encrypt your Windows disk with multiple different passwords, where password A is necessary to get basic access, and password B is necessary to view the super-protected files (or even know they exist).
It also does some magic with the filesystem to completely hide the existence of the super-protected files from such high-level analysis as checking the physical capacity of the disk against the free space and total file sizes.
I just wish I could remember the name.
This actually raises interesting questions from my perspective—what about cryptographic dongles that supply passwords? They function identically to a good cryptographic key, and look like a physical key, but exchange digital information that's much too complicated for a person to reason through rapidly.
Really good systems rely on the presence of both a dongle and a key—could the defendant be ordered to turn over one and not the other?
What about destruction of evidence issues? I own media that is tamperproof (cannot be cracked open and physically hacked/copied/archived), and will self destruct if the wrong password is entered too many times. Is the defendant under obligation to tell law enforcement that if they attempt to crack it they will be destroying evidence? Is the defendant culpable through their inaction even with their fifth amendment right not to speak?
It's already established that 'mere access mechanisms' like a perjury-trap don't hold up—so you couldn't use a passphrase like "Under penalty of perjury, I hereby testify that I assert my identity is John Doe and I unlock this under free will and not by court order"
The judge really does appear right on. If a party can be ordered to provide a key, the prosecution should at the very least have the burden of proving that they do have it. Not only is this clearly impossible with respect to proving intent and knowledge, but it takes away the presumption of innocence—Who has never forgotten passwords before? Worse yet, with the aforementioned systems (truecrypt), I could provide any number of passphrases, providing any number of different "realities". One of my hard drives at this moment has a 10G sector of pure random numbers (indistinguishable from encrypted data), that is waiting to have an encrypted sector assigned to it. If I was arrested at this moment, a court order to 'reveal a key' would be impossible at worst, and at best result in me fabricating a lie. A court would of course order production of 'all necessary keys'—but at what point do they stop and believe me when I indicate that this last random block is truly just garbage? Believe me when I state that mathematically speaking, for anyone but your world-class intelligence institutions—there is no way to tell the difference.
Am I to be held accountable for every single website I ever registered for, until the end of eternity?
Public Defender—I like your point. I have heard that in some nations, they do not impose additional penalties on individuals who attempt to escape from prison (assisting is another matter), because they recognize the natural state of any individual is to seek their own freedom. I'd like to take your comment one step further—a defender is the last barrier between their client and the awesome power of "The State" If at any time they ever ceased to act with their client's best interests in any capacity—could any client ever trust them (all defenders) again? As the last obstacle between a loss of freedom, and (in some nations) death—I submit that any action whatsoever to the detriment of the client for the benefit of the state or its laws is likely to unravel the delicate social fabric of respect and respect for authority that holds the legal systems together. If people cannot trust their solicitor, then even the innocent accused suffer widely. Just a few thoughts...
Let's say I have a computer with (1) some files on it that are not password-protected, (2) some files that are password protected to which I possess the password, and (3) some files that are password-protected to which I do NOT possess the password. (So far is still actually true).
Now let's say that I do not know the contents of some of the files in category 3. (This is (probably) not true of me, but it is plausible for some people.) Were some of the files in category 2 or 3 to be illegal and were my culpability for possessing those files to be at all dependent upon my knowledge of their contents, I would be incriminating myself by revealing which category (2 or 3) a given file belonged to.
By providing a password for a file, even if I don't disclose the password, I still reveal which category the file is in. I have testified to the ability to open the file, something that is in doubt before I testify to it. That appears to incriminate me.
Now perhaps I misunderstand the uses of PGP. Perhaps it is unlikely that one might use it in a manner similar to the way password protected .zips (inside torrents) are used. But unless someone can substantially differentiate this case from my hypothetical, I am inclined to think this judge is fairly astute.
All that said, this is a big, big "uh oh" for computer law enforcement. If you can't be compelled to reveal encrypted data on a machine in your possession, by a constitutional right, then you can expect a huge explosion of encryption to follow. Hell, I would - why risk that some cop might want to check to make sure my work didn't contain any child porn? (Especially as I subtitle anime for a living - the distinctions can be fine enough that I might not want an angry cop making the call!)
On the other hand, if you really do have something vile on your drive, and not just scans of a porno book that sells on the newsstand in Japan, why in God's good name would you decrypt it in front of a cop? "Dunno, that's been there since I got the computer, think it's a system restore something or other." You could even rig the computer to look like it had been hacked and the (encrypted) data put there without your knowledge... But even telling the judge to sit and spin on your data encryption password isn't as bad as a conviction for full-on child pornography, no? In this case, Boucher can't even claim "look, I gave you the right password, it's not my fault if it won't open", since he opened it himself!
If the rational conclusion when thrown into such a situation is to engage in such activities, then why be surprised when it happens? Given the choice of going to jail for a year and longer incarceration followed up by a lifetime registry as a sex offender, being tagged, and risking being murdered by your neighbors, in addition to being a convicted felon who no longer has many basic rights--the choice to a rational individual is quite obvious. The order to reveal information puts an individual in the situation of imminent danger to their liberties, or to disobey the court and accept a (lesser) threat.
Similarly--with public defenders, if they fail to provide meaningful advice to their clients, and instead act in the interests of the state, why would anyone trust them with their well-being? Yes, I don't expect my solicitor to smuggle a pistol into the jail for me--but anything less than completely candid advice on my best interests, and they can no longer be expected to provide the counterbalance they were intended to. Worse yet--they risk being viewed as an agent of the state itself, and not trusted by the innocent who need them to preserve their liberties. How can I even trust them to tell me I should refuse something pending an appeal when that might be a mere ploy?
I think it is a big "uhoh" for the police no matter what. That's why they keep trying to find weaknesses in encryption methods. I personally favor the idea that the police can get a warrant for the encrypted (cypher) text, but they can not force someone to give up plain-text. Encryption in and of itself is not illegal, and without cause I don't think they even have a reason to search inside of it. But because the material is (possibly) incriminating, to the extent that if it is revealed in plain-text he's going to jail for a long time, the fifth logically applies. Now, if the cops can break the encryption, bully for them, but they can't compel it.
A poster on a blog site posts something illegal to the comments section of the volokh conspiracy. Maybe it's one of those DRM keys, maybe it's a bomb threat. I dunno. But the government wants to find who did it.
All they manage to obtain is an account name and an IP address to a public terminal. They also discover that I posted to the volokh conspiracy very close in time to the offending post and that I did it from the same public terminal. Using some bit of publicly available information, they track me down and I confirm that I authored the post written under my log in name.
Can the police now order me to turn over the password to the other account that posted from the same public terminal at roughly the same time?
Either it wasn't me, and I don't know the password. Or I do know the password, and by entering it, I provide pretty strong evidence that I made the offending post.
This hypothetical seems similar to the case in that there is no proof that I know the password, and turning it over will involve showing that I know the password, a piece of information that incriminates me.
The problem with your approach is that it can be reasonably guessed that you are hiding something else based on the size of the encrypted file vs. the unencrypted file unless you have additional cleverness. For example, in e-mail there are some encryption tools where you use some normally unused bits in certain graphics formats to hide an encrypted text message. As was mentioned, this guy would have been better off with TrueCrypt – he could have had one encrypted partition with some legal stuff in it, and competently hidden another partition within the first partition. The inner partition would look like random junk on the disk to other people searching the disk (much like real unused space).
I disagree with your analysis. You are confusing "foregone conclusion" with waiver. The cases that say that there is no additional "testimonial" information to be gleaned from enforcing compliance with a subpoena (the "foregone conclusion" cases) usually have to do with subpoenaing bank records from a defendant when you already know the bank account information (e.g., location and number/identifying information on the account). I have never seen it applied to something that would be the equivalent of granting the government access possibly to additional evidence of separate criminal acts. In this case, to apply it to a bank account hypo, if the government knew of account A at Wells Fargo, in the name of the defendant, a subpoena to defendant for his records of account A would not add anything to what the government already knows, so there is no "testimonial act" being compelled, of any practical significance, by such a subpoena. But, if the subpoena asked for all records regarding any bank accounts that you control at Wells Fargo, and the defendant possibly had accounts that the government did not know about at Wells Fargo (beyond Account A), that would be a testimonial act of great significance (authenticating the records of the other accounts would incriminate the defendant). The second situation is what we have here: the government knew about some child pornography on the computer controlled by defendant. Having the defendant type in the password would force him to admit to the government his control over, and access to, possibly other instances of child pornography, and absolutely would incriminate him.
Just imagine, the AUSA would argue at trial that the defendant's knowledge of the password was very damning, and proved that he (1) controlled and limited access to this stuff, and therefore must have put it on his computer (and not someone else) and (2) knew it was wrong which is why he encrypted it.
This does not stop the prosecutor from running exhaustive password cracking tests against the 'drive Z' and this does not require a further subpoena nor impinge on the defendant.
The exact point here is that the defendant *MUST SPEAK* to comply with the prosecutor's demand.
John (at 10:09 pm) had it right in non-legal language.
Orin, the joke goes 'you must be an intellectual to believe something like that'. I am surprised that you did not see the distinction. (P.J. O'Rourke, I think.)
Geoff
This isn't true. Because it's not so easy to distinguish between an innocent person, and a guilty person who lies and claims not to know. But guilty people get punished for not turning over the evidence. Which means that innocent people will also get punished for turning over the evidence they don't have.
As has been pointed out, breaking PGP or similar encryption requires factoring very big numbers. It can be done, which is why as computers have gotten faster, more “bits” are used to encrypt – bigger keys makes breaking the cypher through brute force much harder (that is a bit simplified but generally true). You can find lots of estimates on what it might take to break a single encrypted file – breaking the strongest encryption is unlikely using publicly available methods and modern computers.
It is also unlikely that the government can easily “break” state-of-the-art encryption, as in the movie Sneakers (which is a pretty decent movie BTW). If the NSA has any tricks to decrypt PGP (and it would be the NSA), it is probably just a weakness in the encryption that NSA can exploit to turn the extremely hard problem into a less hard problem - and then NSA would still need to use its huge CPU resources to finish the job. Might NSA have found a shortcut? Maybe. When the original public encryption standard (DES) became available from ANSI in the 70s, it took the academic community 2 decades to fully understand two modifications the NSA was known to have made to the public standard. Academic and commercial en/decryption have probably caught up quite a bit, but the NSA could still easily be years ahead of everyone else. And no, the NSA would not reveal any weaknesses in PGP's encryption for a kiddy porn case, any more than a broken enemy code would have been revealed for a single criminal trial during WWII.
Orin, this analogy seems to be the key to your thinking, and I believe it is wrong. Or at least, I hope it is wrong. I'm trying to think of what "bringing the files to the police" would entail in this context. The closest I can think of is if the court were to compel him not to disclose, or even type in, the password, but to unencrypt drive Z. If it would be improper to compel him to unencrypt the drive, then I don't see how it could be proper to compel him to type in the password, which effectively unencrypts it. What is the distinction?
Maybe it analogizes to physical documents written in code. We know he knows the code because he has decyphered some of the documents in the past. Can he be compelled to decypher the remaining documents?
Perhaps I am misunderstanding the facts. You say he waived his Miranda rights. That makes me think that the police testimony is admissible. What more do they need from the password? Are they concerned that he's going to claim at trial that the police are lying / hallucinating? Or are they digging for additional contraband? If the latter, that seems problematic.
Is there caselaw around what happens when a suspect reveals a portion of an indivisible set of documents; that portion turns out to be incriminating; and the entire set ends up out of reach of the prosecution, where only testimony from the defendant could retrieve it? For example, the police end up in possession of a copy of a single page of a document; they lose the page (and don't even remember which one it was); and they attempt to subpoena the entire document from the defendant?
1) PGP Disk Encryption, a part of the commercial PGP Desktop product, is completely different than the PGP email standard and attacking each would use different techniques.
2) AFAIK, there are no quicker attacks against PGP Disk Encryption than trying many many possible passphrases. The key derivation function for PGP desktop is pretty computation intensive (PKCS #5) so a brute-force attack is impractical for any passwords but the most basic.
3) Because #2 is true for most disk encryption products, I once read that the Secret Service has a software suite that looks for unique words and phrases on a person's hard drive and then tries passphrases related to them. So if your passphrase is your SSN, birthdate, and dog's name, they might guess it in a reasonable amount of time.
4) It is true that Truecrypt, a free encryption product, allows you to create an encrypted partition where if you enter one password it only reveals some of the disk, and if you enter another it reveals the entire disk. This is pretty cool, especially because you cannot mathematically (and I guess legally?) prove that the secret partition exists, if you set things up right.
5) This issue is going to be much bigger in the coming years, because the Bitlocker encryption technology built into the expensive versions of Windows Vista is not only excellent, but uses a computer's hardware security chip to "trapdoor" the disk and force the use of a "recovery code" to decrypt the disk if somebody tampers with the machine or tries to enter a password too many times.
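Points #2 and #3 above are about the economics of passphrase guessing against a slow key derivation function. The following is an added example (not code from the thread, PGP Desktop or TrueCrypt) that derives a key with PBKDF2 (PKCS #5 v2.0), measures the per-guess cost, and estimates how long exhausting a passphrase space would take; the iteration counts, guess rates and the "300 personal-detail tokens" space are constructed illustrations, not any product's real parameters.

```python
"""Why a slow KDF only helps when the passphrase space is large.

Added example: PBKDF2-HMAC (PKCS #5 v2.0) via hashlib, plus a back-of-the-
envelope estimate of exhaustive-search time. All numbers below are
constructed for illustration, not measured against any real product.
"""
import hashlib
import hmac
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(passphrase: str, salt: bytes, iterations: int,
               hash_name: str = "sha256", dklen: int = 32) -> bytes:
    """PBKDF2-HMAC key derivation (PKCS #5 v2.0); returns dklen bytes."""
    return hashlib.pbkdf2_hmac(hash_name, passphrase.encode("utf-8"),
                               salt, iterations, dklen=dklen)


def verify_passphrase(candidate: str, salt: bytes, iterations: int,
                      expected_key: bytes) -> bool:
    """Re-derive and compare in constant time (how a verifier should check)."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations),
                               expected_key)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the cost of one derivation at this iteration count, here."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"timing-probe-{i}", salt, iterations)
    return (time.perf_counter() - start) / samples


def entropy_of_choice(alphabet_size: int, length: int) -> float:
    """Bits of entropy for a passphrase drawn uniformly from alphabet^length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(entropy_bits: float, secs_per_guess: float) -> float:
    """Worst-case single-threaded time to try every passphrase of that size."""
    return (2.0 ** entropy_bits) * secs_per_guess / SECONDS_PER_YEAR


if __name__ == "__main__":
    iterations = 100_000                 # constructed iteration count
    cost = seconds_per_guess(iterations)
    print(f"one PBKDF2 guess at {iterations} iterations: {cost*1000:.1f} ms")

    # Constructed spaces: three tokens drawn from ~300 personal details
    # scraped off the disk (the Secret Service approach in #3) versus six
    # words drawn uniformly from a 7776-word list (diceware-style).
    personal = entropy_of_choice(300, 3)   # ~24.7 bits
    random6 = entropy_of_choice(7776, 6)   # ~77.5 bits
    for label, bits in (("personal details", personal), ("6 random words", random6)):
        print(f"{label}: {bits:.1f} bits -> "
              f"{years_to_exhaust(bits, cost):.3g} years to exhaust")

    # Sanity check of the verifier on a constructed passphrase.
    salt = os.urandom(16)
    key = derive_key("correct horse", salt, iterations)
    assert verify_passphrase("correct horse", salt, iterations, key)
    assert not verify_passphrase("wrong horse", salt, iterations, key)
```

Raising the iteration count multiplies the attacker's cost per guess, but the dominant term is 2^entropy: a passphrase assembled from details already on the disk stays cheap however slow the KDF is.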
More broadly, I'm really interested in the fact that so many readers think this issue is so easy! I think the general question of subpoenaing encryption keys is difficult if not impossible to answer because there is no Supreme Court case really on point; the general issue is in the gray zone amidst Fisher and Hubbell and Doe I and Doe II. I tend to think that the specific facts of the case make this more like Fisher than Hubbell. But either way I think it's hard: it's hard because the scope of Fisher and Hubbell and Doe I and Doe II are really murky. Given that, it's really interesting to hear that some readers think the issue is really pretty obvious and that it's clearly another Hubbell.
"OK, I give up. The password is 'arglebargle2' ... What do you mean it didn't work? That's the password I used when I unlocked the Z drive for the border patrol agents! Look, they're the ones who were messing with it, and they turned it off -- they must have altered something! Ask them what they did to screw things up! Boy, you know how finicky Windows Vista is about digital rights management issues -- I'll be lucky if I can ever access any of my files now!"
Upon first reading, your description of the background did not seem to agree with the quoted statement, so I went to the linked file and read the judge's background description.
Upon reading that description, I see that the entire drive is encrypted with one key, which prevents officers from seeing the same exact files that they were given access to by Mr. Boucher previously. Thus, there is no further incrimination that Mr. Boucher can perform by demonstrating that he knows the password. That clearly makes the nature of delivering up the password different from what I (and I assume others) believed it to be.
Becoming aware of this fact doesn't make me suddenly do a 180 on my opinion, but I now see how it is a difficult case, not a seemingly obvious one.
I get the impression in this discussion that being compelled to turn over a physical key is uncontroversial. However, this doesn't conform to my layman's understanding of the Fifth Amendment.
Let's say the police, legally searching a closet in my house that I share with my immediate family, find a strongbox. I know that it contains an unregistered handgun that I recently used to commit a murder and I alone know where the key is. If asked to turn over the key, can't I refuse to confirm or deny that I've seen the box before, let alone that I have the key for it? Wouldn't complying with the request be more incriminating than allowing the box to be forced open?
Since when can a person be subpoenaed to commit an act generally? Suppose the grand jury subpoenaed me with instructions to knit a sweater. Suppose that whether I could do this had evidentiary value. Would such a thing really be a subpoena? No. A subpoena is nothing more than the power to produce a person or an object in the grand jury room.
It is not the power to issue arbitrary instructions, however, relevant those instructions may be.
The government already possesses the hard drive, thus there is no longer an object or a person within scope of the subpoena powers.
Passwords seem to be significantly more testimonial than combinations. The real problem with analyzing the testimonial nature of passwords is that they can largely be anything. PGP, for example, allows very long passwords. Now that password could be a long random string of characters, or it could be "I am guilty of receiving child pornography having been shipped in interstate commerce pursuant to 18 U.S.C. 2252(a)(2)." or it could be "childpr0n" or it could be the name of a pet. These all possibly have testimonial qualities, but the possible range is pretty extreme and it is certainly plausible that some of the passwords could be incriminating. The problem is, the judge has no way of knowing what testimonial quality of information is in the password itself.
The solution to realize is that divulging the password is itself divulging a fact - the fact of whether or not the password contains factual information. This is of course, in similarity to the combination case, to the fact that the password unencrypts the files (like the combination that unlocks the door).
The other real problem for this will be if a court follows the HIIBEL V. SIXTH JUDICIAL DIST. COURT OF NEV., HUMBOLDT CTY, 542 U.S. 177 (2004), in an analogous situation of being forced to disclose your name to your officer, held that "Answering a request to disclose a name is likely to be so insignificant in the scheme of things as to be incriminating only in unusual circumstances." This seemed to be something of a de minimis test for 5th amendment violations. However, the court was applying this to the incriminating prong, rather than the whole test or the testimonial prong. The evidence in this case is clearly potentially incriminating.
An interesting question would be to what degree use immunity would get around some of the issues. Could the prosecutor promise not to use the potentially incriminating password in the trial, but still get to use the files it decoded? Specifically, for fruit of the poisonous tree / use immunity analysis, can the good fruit of the non-testimonial aspects of the compelled testimony be separated from the bad fruit of the testimonial aspects?
That was my point in a nutshell. At the end of the day, if they've never seen you open up the box, they can't prove that you can; the judge may be cross with you, but if you're insisting that you provided the password, and it's not functioning, what can they do? Throw the book at you for not cooperating, sure, but if all the nasty child porn evidence is sitting on the partition where they can't get at it, they can't try you for it, can they?
(Of course, we're talking about a pretty dim bulb here, if he went to the trouble of encrypting files and then nicely unencrypted them when asked; it's entirely possible that there was more CP in his cache or other places where they can nail him anyway. For that matter, if you encrypt a file, why the heck would you leave the file name as something that screamed "child porn in here!" And if the policeman asks you if you have child porn on your computer, the answer is "no, sir!", preferably followed by "I like older women, sir!")
I don't know that this is a particularly good case with respect to encryption, though. It's true that Boucher's providing of the password would be tantamount to admitting before the court that he had child porn on his computer. At the same time, he has already made that tacit admission when he accessed the drive the first time. Unless he's denying that he accessed the drive, and that the agents are lying about that access, he's already made that admission to the court. In essence, you can take the Fifth to refuse to provide testimony against yourself, but once you've provided that testimony, you can't retroactively take the Fifth like some kind of take-back.
Then again, this is just the subpoena. The government could still present a pretty strong case - i.e. "this guy had a video file on an encrypted hard drive with 'baby rape' in the title, we looked at it, it was baby rape, but now we can't get back into it because of the encryption and he won't fess up with the password." Police's word against perp's word, and the police can still present the hard drive with the encrypted files that caused them to become suspicious in the first place, no?
Ruling that one can refuse to enter a password on the Fifth would make computer forensics really, really hard, though. What would Officer Pike have done if there were a password on the whole computer, and Boucher said "I prefer not to provide that password on the grounds that it might incriminate me?" (Obvious answer, seized the computer! But then Boucher wouldn't be up on child porn charges...)
This goes too far. I can't and won't advise my clients to lie, even if I know they thought they could get away with it. Also, I can't advise my clients to violate a court except under rare circumstances (for instance, where I plan to appeal the contempt citation to test the legality of the order).
The officer-of-the-court stuff means something. I think the dialog I gave above is the furthest I can go in dealing with an unjust but final order. My guess is that some prosecutors would say even that goes too far.
it's called a "sneak and peek" warrant. these are VERY rare, btw. i've read case law about them. i've never seen one (done scores of warrants myself), never talked to an officer who has written one, etc.
they are most commonly used in organized crime type investigations (such as above) and/or terrorism type cases.
my understanding is, especially in WA state, they are VERY VERY difficult to get.
PGP: i've seen only a very few cases where defendants actually used PGP to encrypt their files. this boggles my mind, BUT in general people don't encrypt files that they should. this holds for everybody, not just criminals. people who are parole/probation etc. for child porn STILL don't usually use PGP. your average 14 yr old computer nerd (myself included) used PGP all the time. most people don't
according to my computer forensics guy, he SUSPECTs that maybe possibly some super high speed NSA type guys might have some way to break it, but that's just conjecture. if you encrypt it, us cops can't figger out the password (unless you use your daughter's name like in wargames).
"Further, why is the Government going through all this trouble? As you said, they can already put the agents on the stand, have them describe the images they saw, and send the guy to prison."
because you have to prove the elements of the crime, namely that it IS child porn, not just porn. having some agents say "it looked like little kids" etc. might be enough to get a warrant for something, but it's not enough to prove beyond a reasonable doubt that said photos were in fact - child porn vs. say photos of young looking adults, etc.
also, wasn't the recent case about VIRTUAL CHILD PORN (computer generated images generated to look like child porn but that used no actual children) ruled that child porn laws could not be applied? i could be wrong on this, but wasn't that ruled legal?
so, even if the agents viewed photos of BABY PORN (it's pretty easy to establish that an infant is in fact below the legal age for explicit videos etc.), you would need to prove it was ACTUAL babies, and not computer generated. without access to the files, and just based on recollection, that's difficult (again, assuming my recollection about virtual child being legal ).
"provide all documents, whether in electronic or paper form, reflecting any passwords used or associated with the Alienware Notebook Computer, Model D9T, Serial No. NKD900TA5L00859, seized from Sebastien Boucher at the Port of Entry at Derby Line, Vermont on December 17, 2006."
Let's say he's never written down his password (not at all unlikely). Can't he comply with the subpoena by saying there are no documents that are responsive to the subpoena?
1) Turn over the password knowing what is on the drive and go to jail convicted of child porn and be dealt with in that manner.
2) Don't turn it over and go to lockup (or whatever is appropriate) under contempt.
Who do you think will be dealt with worse in prison? One way, you are a "dead" man and when you do get out, have to register every where you go for the rest of your life.
The other, you move on after spending the time in jail.
In all seriousness, I have to come down with the magistrate judge here. When I was in CrimPro the 5A mantra was tabula rasa: They could view the body, but never the mind. I see that there is more complexity to it than that by the other comments, but it still seems like a reasonable rule.
By the way, I have a PGP-encrypted "disk" on my laptop (my employer's laptop to be more precise) that holds many gigs of HIPAA protected info. I'm not giving anyone the pass phrase until told to by my company's general counsel.
You were correct about the attention this post would generate. (a previous email between Orin and me) I will definitely be including this issue in my black hat 2008 talk. From those who know me (as a govt hack who has never seen a bad search)(joking) I think this case was decided correctly under the knowledge of a combination vice producing a key argument. My question, if you have a biometric access device on the computer (eye scan or fingerprint scanner) can the govt grab your finger and forcefully place it on the computer? Seems it is like a key. But can you imagine some of the struggles the accused might use to avoid placing their finger down!!
What happens now if someone doesn't want to give a fingerprint--or (presumably after a Court order), refuses to submit to a blood draw/cheek swab/etc.?
Do they just go for contempt or is there forcible compulsion?
For that matter, I consider it forced self incrimination to compel a man to provide *anything* that may be used against him in a criminal case, but that is (almost) another matter.
Having said that, I'm unhappy that this *would* have to be a hard case (what appears to be an actual pervert who gets his sick jollies from viewing child pornography). You know the old saying about hard cases tending to make bad law, not to mention rulings. Some arrogant nerts in black robes at a higher level are likely to rule that forcing a man (even a pervert) to help the State hurt him is "legal". :(
Suppose the police stop me because they suspect that I'm dealing drugs. In a moment of panic I take them to a Storage Container that's full of incriminating evidence. The police briefly examine the Storage Container and find incriminating evidence. They then close the container and take me down to the station for questioning. Later, when they attempt to return to the Storage Container to fully inventory the evidence, they find that they don't have the right address. The police then try to force me to provide the address of the Storage Container that they know contains incriminating evidence. I decline the opportunity. The police know that I have a Storage Container full of incriminating evidence, I know that the police know about my Storage Container, but I'm under no obligation to provide them with the evidence to convict me. They had access to it, they lost access to it, too bad for them.
Do they just go for contempt or is there forcible compulsion?
They use force. If a DUI suspect refuses a breath test, some cops will seek a warrant, and then forcibly take a blood draw.
Actually, the advances being made in Quantum Cryptography, especially by Japanese computer scientists, will make PGP vulnerable in the very near future. Then cryptographers will develop methods for quantum encryption and the chase begins anew. It is a constant battle between those who want to keep secrets, and those who want to discover them.
Additionally, I believe a mathematician in Europe has submitted a proof describing a method of factoring very large prime numbers in a way that is revolutionary, and also defeats public key encryption. Don't have the reference, but "The Truth is Out There"
For an excellent layman's guide to all things cryptographic, check out Simon Singh's, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
Finally for a hard core explanation of cryptography, read Bruce Schneier's seminal work, Applied Cryptography
remember the identification of a suspect by another party is not a violation of the 5th amendment, using a facial recognition program to help identify a suspect likewise is not an issue; it is the use of a "biometrics key" case that I'm waiting to see since this is a locked container. Again I am of the view that a MJ would analogize the fingerprint to that of a key opening a lock box.
"PGP is Pretty Good Privacy. It's not absolute, however, and given a powerful enough computer and a couple days number-crunching, it can be defeated."
From a technical aspect, this is an absolute and utter fallacy. All the computing power that has ever existed in the known world could not crack PGP in a couple of days.
There are versions of PGP that use a key-strength of 8192 bits, which is 2^8192, though most use anywhere between 1024 and 4096. Imagine, if you will, a wall of light switches. In this example we're going to use 4,096 light switches. These light switches are wired so that only when they are in the correct position (up/down instead of on/off) will it pass the current on to the next switch. The end result is that the only way to light the bulb at the end is for every light switch to be in the correct position.
To put in perspective the number of possible combinations, this number is greater than the number of seconds since our sun was born, or 1,044.39 followed by 1230 zeros. A "couple of days computing" ain't gonna cover it.
Now if you wanted to brute-force the passphrase, the total number of potential passphrases are 256^255, or roughly twice as easy as breaking the encryption itself. That easier number is this: 1.2623830496605862226841748706512e+614
Go ahead, brute force it if you want. ;c)
Cheers,
Robert Reese~
A PGP user (and computer security professional) for more than a decade.
And, I think the Magistrate Judge's reliance on Hubbell is apt: the government wanted to limit the immunity offered to Boucher for entering the password solely to the "use" -- the unlocking of the hard drive -- but not the derivative use -- the information gleaned from searching the contents of the unlocked hard drive.
As for whether Boucher has already "incriminated" himself so much that this will add little to the evidence already possessed by the government: if so, why does the government want him to enter the password? This doctrine is a narrow exception to the Fifth Amendment that essentially says there is so little to be learned from the compelled information, it really is not a significant infringement on the defendant's rights. It is somewhat akin to the inevitable discovery doctrine in the 4th Amendment context, in that it posits showing that the government already knows or has an independent means of learning, virtually all of the information.
The problem with the doctrine here is not, as the Magistrate Judge says, that this only applies to documents (although, he may be right in terms of the cases that have allowed its use). Rather, it is that the government does not already virtually know everything that is on the hard drive (that is why they want to search it) and they need the digital images of the child pornography the agent already viewed (what they already know to exist) in order to make an airtight prosecution against the defendant by proving that it is in fact digital images of sexual acts involving minors, and that he possessed them.
Also, as a factual matter, I am not sure Orin is correct when he states: "All the subpoena asks him to do is "open the lock" to his personal computer, which we know he knows. "
The opinion states that the agent at the station did not see Boucher enter the password the first time he showed them computer files. If that is correct, then, how do we know that Boucher knows this password? When the customs agent originally detained him, and booted up the computer (which could have been on standby) and noticed the pornographic images, the password already must have been entered by someone (not necessarily Boucher). That is why the agent was able to view the pornography at the customs inspection site. So, yes, you are forcing Boucher to admit that he knows the password if the court were to order him to enter it.
This doctrine -- foregone conclusion -- should not be confused with waiver of the 5th Amendment. Some may say: well, hasn't he already told them everything? Here, Boucher waived his 5th Amendment initially when he spoke to the agents, so those statements he made, and information learned from them, can be used against him. But, this does not mean that he can be forced to repeat what he said to them. He can't. That type of waiver would only occur in very limited circumstances, such as when someone has already testified under oath. And, in those circumstances, the waiver extends only to the specific subjects on which one has previously testified. Cases agree that you can refuse to answer different questions than the ones you answered previously.
Really? I dare say that the evidence we have is more consistent with somebody who gets his jollies looking at pictures of adult women, but who uses image grabbing software to download ALL the picture files available at porn sites, and then sorts through it off-line at his leisure:
Doing that, it's a statistical certainty that you'll download child porn occasionally, and entirely plausible that you'd have some lurking in a directory you hadn't sorted through yet, even if you had no interest in the stuff.
I dare say the guy didn't realize when he first let the officers look through his drive that the law would not view this sort of relatively innocent circumstance quite the way he did, and got quite an education on the subject when he got around to talking to a lawyer.
If we use the safe analogy then asking for the PGP key, and subsequently the file directory, is more like asking for the vault combination and then demanding to know in which of the billions of "safe deposit boxes" the evidence the police want is stored.
Which leads me to my other question, I don't mean this to be mean spirited, but if the Volokh conspiracy is supposed to be a "Libertarian Law Blog," how does its most voluminous poster always agree with such government curtailments?
I understand law is not ideology. I understand legal libertarians don't tend to root their beliefs in such "natural rights," since they know this is a blank check to judges. But it doesn't seem to make a lot of sense to me. And for the sake of the ivory tower, I don't see as much neutrality in the legal analysis as you would from the average brief filed by the U.S. Attorney's office.
From a decidedly non-law perspective, by demanding Boucher’s password the government is forcing Boucher to reveal ostensibly incriminating images and therefore that demand would seem a violation of the 5th amendment.
But how is this different from demanding an actual brass key to a locked file cabinet, the address to his vacation home or any other datum that upon inspection may further incriminate him? Which brings us to the difference between testimonial and non-testimonial acts. I tend to agree, for what it’s worth, with Orin that requiring Boucher’s password is non-testimonial and therefore not a privileged act of production.
In the end, I think the court decided well by applying the 5th amendment a little more broadly. In Boucher’s instance would 10, 100 or 100,000,000 images confirm his guilt? Correct me if I’m wrong, but one image of child porn is enough to send you away. If absolutely necessary for the government's case, I'm sure they have resources that would give them access to the incriminating data without violating the 5th amendment. If at the end of the day this perv is in PC for the rest of his life and our 5th amendment remains inviolate, I think we can all rejoice in system that worked. This time anyway.
Now, if a password is written in a security copy, can someone be compelled to disclose where the security copy is?
No, as that would be testifying. Can the person be compelled to give a notebook that may be suspected to contain the security copy where the password is written? Yes, as that is physical evidence.
Further, as to the act of someone testifying, a testimony may have two distinct goals: (1) corroborating something that is already known, or (2) providing something that is not known beforehand. Which case does the Fifth Amendment protect against? Both cases, seems to be the judge's conclusion in this case. I find no technical fault in this argument, as both cases correspond to providing "information" in the technical sense -- information, in Shannon's definition, is that which is not expected. If it would be expected, there would be no reason to ask for a testimony (for example, the password was found written on the back of the laptop and it works to open the files).
Fixed it for you guys. This is assuming a large supercomputer.
If he hadn't opened his big mouth, he'd be fine. Serves him right for talking.
We went over this a little while ago but there is no Libertarian Pope and certainly no reason to impute that any particular point of view on a legal case is incompatible with Libertarianism.
OK is not required to be neutral.
Just a thought, but child porn users tend to operate in networks, where they trade images with others. The police may be interested in tracking the images to see where they came from, where they were downloaded from, etc. Sometimes a particular image can be used to locate children who are missing. So additional material on the disk could be useful for reasons that have nothing to do with stacking charges on Boucher (though it would be useful for that as well).
Also, so much energy in these comments is being used to discuss whether the password is the same as a key or a combination. What this ignores is that a safe (whether it uses a key or a combo) can be physically defeated. Based on what the IT guys are posting here, PGP encryption can't be. So the police are being prevented from conducting a legal and proper search.
In a perfect world, the solution might be to jail Boucher on contempt until such time as he either unlocks the disk or the police are able to crack it. As one of the other posters put it, "thiscangoonforeverchump". :D
Unless it can be shown that the defendant actually entered a password during the encounter with the customs agents, it would seem that forcing him to enter the password now would in fact reveal what is in his mind.
Speak for yourself but I consider that world quite a bit less than perfect! The right to hide incriminating evidence from the police is fundamental, without it, every personal matter is liable to be 'inspected' by the state on the flimsiest of evidence.
If I were his lawyer, I would advise him to get http://en.wikipedia.org/wiki/Psychogenic_amnesia as soon as humanly possible. Perhaps we could just shorten it to "the Gonzales defense"?
stress induced retrograde amnesia
When does incarceration for contempt of court become cruel and unusual punishment? I recall when Elizabeth Morgan refused to disclose the location of her daughter in a custody battle and was incarcerated for quite some time.
Prof. Kerr--it seems that everything depends on the fact that: "we already know he knows the password"; i.e., he already entered it and the police can testify to that.
Fine. The police can testify, the defendant picked up the computer, typed in a password, there was porn on the hard drive, etc.
But shouldn't we appreciate that there some space between that (i.e., the testimony--SOME evidence that the computer was his), and the defendant's entry / revelation of the password?
Maybe it's splitting hairs, but: "we already know he knows it" is not really accurate. We already know the police will testify the defendant entered a password. That's all. He can say they're lying, or whatever.
With password A you get to foo A which you want protected.
With password B you get to foo B which you want to give up to law enforcement. The moment any change is made to any file in foo B, all of foo A is randomized, unrecoverable, and appears to any search to simply be random noise within foo B.
As you have a valid backup of foo A off-site and very safe somewhere, you don't ever have to worry about a search. Give them password foo B and smile, smile, smile.
If you really want to make it interesting, make them fight your counsel for a while before giving up password foo B.
Do I have any kiddy-porn on my computer? Not to my knowledge, but I haven't looked at every file on my computer. Do I have files on my computer that have incriminating filenames? No.
Another possibility: The computer is used as a node in a file-sharing network and the guy has no idea what's on it - names or data. This seems entirely possible and completely legal (and presumes he is innocent, we're supposed to do that, right?) Having an encrypted hard-drive does not mean he is guilty.
Another possibility: His computer has been compromised by someone and is being used without his knowledge. This happens all the time. It has happened to me - I have the FBI file to prove it; thankfully it was a credit-card phishing scheme not child-porn.
If I were in either situation - or even suspected I might be - I would not reveal my password, either. Lord only knows what they would find on a random node of a trojan-driven file sharing network. Even if there is no porn at all, I'd rather not fight with the music or movie industry, either.
An officer asks you to open a safe, you comply. He sees stacks of material in the safe and examines one or two items and finds that they are child porn.
He replaces the items and then shuts the door to the safe. They cart away the safe and now say, "Hey, we can't get back in! You have to open the safe for us again."
I would assume he doesn't have to. How is this different from that?
A computer connected to the Internet is not like that at all. Things can be on it without one's knowledge of what they are or how they got there (although I wouldn't want to explain it to a jury - based on my experience the more one knows about the case's subject, the less likely one is to be selected for the jury).
It's more like rummaging through the dumpster of a gated apartment building: Just because you know the combination to the apartment complex doesn't mean you were the one who put any particular item in the dumpster.
I, personally, can not afford the lawyers or the time to try to force that logic through the court system. I'd shut up.
It appears to me that the whole issue of self-incrimination by divulging a cryptographic key is one which the jurisprudence will have to deal with, in a manner much more focused than it appears to be at the moment, in the very near future. I also assume that in the present political climate, it will be possible for the "law enforcement galaxy" to pull the equilibrium to a point where the mere refusal to divulge the memorized key will be an offense in itself (cf. UK RIPA).
This is where things will get interesting.
Allow a digression: more and more, well-designed crypto-systems provide for (an optional) "two-pronged" protection mechanism: a memorized cryptographic pass-phrase (from which a "first half" of an encryption key is derived by a specific software algorithm) and a "key-file", recorded on some computer-readable medium (a mini-CD, for instance) from which a "second-half" of the key is derived. Both must be provided in order to decrypt the disk or the file, and in addition, there is no method whatsoever to determine if the pass-phrase is correct or not if the key-file is missing: the encrypted content remains safe.
If such a product is used, one can imagine the accused who, upon receiving the formal demand for the decryption pass-phrase responds with a phrase (any phrase!) and a recently microwaved CD with the explanation that at some point in time prior to being served the demand he performed the electronic equivalent of paper-shredding by destroying the CD with the key-file. Yet, unlike the paper analogy, the digital content would still be both unavailable to the accuser and available to the accused - perhaps he did not use the key-file at all, and the correct pass-phrase is still safe between his ears. However, there is absolutely no way (short of torture) for the accuser to prove this.
This might lead to the same treatment that an accused might be exposed to for the destruction of evidence (prior to ever being asked to produce it!), but, I would think, not to the contempt for refusing to divulge the crypto key. I would also expect that it would be difficult to prove that the "shredded" material was incriminatory without some independent evidence that established that the accused must have been in the possession of such material.
mitigator
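For readers who want to see what the "two-pronged" scheme in the comment above looks like in practice, here is an added example (written for this thread, not taken from any commenter or from any shipping product). It assumes a memorised passphrase and a key-file on removable media; the master key is derived from both halves, a separate authentication tag is checked before anything is decrypted, and the tag only verifies when both halves are right, so a failure gives no hint as to whether the passphrase or the key-file was wrong. The stream cipher is HMAC-SHA256 in counter mode so the example runs on the Python standard library alone; a real product would use AES.

```python
import hashlib
import hmac
import os

# Constructed example of passphrase + key-file key splitting (not any vendor's code).
PBKDF2_ITERATIONS = 100_000


def passphrase_half(passphrase: str, salt: bytes) -> bytes:
    """First half of the key: slow derivation from what the user remembers."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def keyfile_half(keyfile: bytes) -> bytes:
    """Second half of the key: digest of what the user possesses (a file on a CD, say)."""
    return hashlib.sha256(keyfile).digest()


def combine_halves(half_a: bytes, half_b: bytes) -> bytes:
    """Master key depends on both halves; neither half can be checked on its own."""
    return hmac.new(half_a, half_b, hashlib.sha256).digest()


def subkey(master: bytes, label: bytes) -> bytes:
    """Distinct encryption and authentication keys derived from the master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def keystream(key: bytes, nbytes: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stdlib-only stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def seal(plaintext: bytes, passphrase: str, keyfile: bytes) -> dict:
    """Encrypt and authenticate plaintext under the combined key."""
    salt = os.urandom(16)
    master = combine_halves(passphrase_half(passphrase, salt), keyfile_half(keyfile))
    ks = keystream(subkey(master, b"enc"), len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(subkey(master, b"mac"), salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ciphertext": ct, "tag": tag}


def unseal(blob: dict, passphrase: str, keyfile: bytes):
    """Return the plaintext, or None. A failure does not reveal which half was wrong."""
    master = combine_halves(passphrase_half(passphrase, blob["salt"]), keyfile_half(keyfile))
    expected = hmac.new(subkey(master, b"mac"), blob["salt"] + blob["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    ks = keystream(subkey(master, b"enc"), len(blob["ciphertext"]))
    return bytes(c ^ k for c, k in zip(blob["ciphertext"], ks))


if __name__ == "__main__":
    keyfile = os.urandom(4096)  # constructed stand-in for the key-file on removable media
    blob = seal(b"quarterly figures", "correct horse", keyfile)
    print(unseal(blob, "correct horse", keyfile))        # b'quarterly figures'
    print(unseal(blob, "correct horse", os.urandom(4096)))  # None: key-file gone
    print(unseal(blob, "wrong horse", keyfile))          # None: passphrase wrong
```

The point the comment makes falls out of the construction: with the key-file destroyed, every passphrase candidate, right or wrong, produces the same result (None), so nothing in the stored salt and tag lets anyone confirm or refute a passphrase on its own.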
John had it right and stuff: "I think the Fifth Amendment basically allows you to shut up and go limp until you are convicted or acquitted.
The government can take stuff from you (keys, blood, even stomach contents) but they can't make you say anything or do anything. Is there any case law out there that requires a person to talk or act?"
I think I responded to your comment a few weeks ago here.
More broadly, I don't think your characterization of my view is accurate. Sometimes I agree with the government (the Minnesota case you mention, this case). On the other hand, sometimes I don't (Thogsophaporn, Grubbs, Danforth, McCreary, Brendlin, the NSA domestic surveillance program, etc.).
Of course, it may be that I agree with the government more often than you do. But that's what's great about comment threads: You can show me where you disagree, and I can learn from your comments. I think that process works pretty well, but then of course you may disagree.
No. All encryption presupposes the existence of "plaintext" - the original data that is the input to the encryption process. The encryption process is then (plaintext)+(key) --->ciphertext .
It's quite a tortured interpretation to say that the ciphertext does not 'contain' the plaintext - it clearly does. It is also mathematically certain that there exists a reverse transformation that unambiguously recovers the plaintext (or else there would be no point).
No. According to the subpoena, "Agent Curtis did not see Boucher enter a password to access drive Z".
The judge's opinion, the original post, and nearly all of the comments posted here so far have ignored the fact that the subpoena only directed Boucher to "provide all documents ... reflecting any passwords ... associated with the [computer]". As I stated previously (although somewhat more concisely), Boucher may be able to comply with this subpoena without disclosing the password to the court, and Boucher may be able to disclose the password to the court without complying with the subpoena.
The only issue I see in this case to which the Fifth Amendment is relevant is whether, after providing some set of documents to the court, Boucher can be required to declare under oath whether or not he believes that he has complied with the subpoena.
Also, note that the phrase "he believes that" cannot be removed from the preceding sentence: one frequently recommended method of generating a difficult-to-guess password involves taking the first letter of each word in some easily remembered sentence, then mangling the sequence of first letters slightly (substituting "2" for the first letter of "two" and its homophones, changing lower-case letters to upper-case and vice versa, etc.). If the password was generated by applying this method to a sentence in a published book, the book is a document reflecting a password used with the computer, as specified in the subpoena. If this process was performed by a person other than Boucher, Boucher may possess a copy of this book and not know that it must be provided to the court under the subpoena.
My laptop has four accounts on it - my main one, an administrative one, my SO's, and a guest account. I don't know my SO's password, but do know the administrative one, so I could theoretically get to her files. Both her and my accounts are stored in File Vault, a Macintosh transparent encryption facility.
Posit that I pass through customs (thus end-running the 4th), and am busted for something in my user account. Posit additionally that there's something illegal in my SO's home directory. I didn't know it is there, but due to having the administrative password, one could plausibly state that I had control over it.
Am I liable for that material, because I technically could have looked at her files?
What happens if that material is only uncovered after both the laptop and myself are back in the country - does the exception to the 4th somehow still apply to that data? What if they were separate disks, instead of just disk images? What if it were a separate computer that I had with me, but wasn't at the time used as a reason to arrest me?
To me, seems hard to draw a line between separate encrypted files, separate physical disks, and separate machines, from a technical perspective.
There are other cryptographic methods that I suspect will come to cause a lot of legal grief. For instance, there are methods for requiring n of m people to enter a password in order to decrypt a file (think of the 2 key security measures for launching missiles). Could a third party not (yet) under suspicion be forced to provide their password, if they might be incriminated in the contents? (I add the last, just to overlook, e.g., a storage lot opening a unit for cops under subpoena. )
I also wonder a lot about duress codes - others have speculated here. But if one password opens the encrypted partition, and another wipes it, what is the customs agent to do? They had suspicion, and they watched data being erased. Has the eraser broken the law? I could imagine saying that they were obstructing, but on the other hand, the agent asked the user to type something at the machine. It is even possible that such a scenario could play out in good faith, if one password is 'Monkey' and the other one is 'monkey'. Typos happen.
I have to think that as average people become more crypto savvy, the law here is going to become insanely complex. Yay, technology!
I do appreciate you responding, both to my post and to these in general. You definitely make yourself available and I appreciate it, even for just the opportunity to shoot ideas back and forth.
In re: the thread response you link to, well that's fine. I agree you should have whatever opinion you do. But I will agree that it is somewhat inconsistent with the notion of being a big "libertarian blog," but it's a different question whether (a) that's really what the Volokh conspiracy is, and (b) whether I'd be reading such a strict libertarian blog in the first place.
In terms of your views, there's no way I can just broadly characterize your opinions, though I also don't think it'd be fair to say you're value neutral on the subject. I think several of the cases where you're not pro-government (particularly Danforth and Brendlin) are straw men, considering Danforth has a few different sides and some of the discussion from David Stras on Scotusblog make the issue pretty clear (though the Justices could throw us a curve ball), and Brendlin was not only a 9-0 decision, but the CA S. Ct was so out of bounds that the SG didn't even file a brief in support of its position.
But anyway, yes I suppose the answer is just you "agree with the government more than [I] do," but it just seems that the analysis is portrayed far more value-neutral than it winds up being. And this is particularly important since you're one of the few well-researched voices in the computer crime area. You might disagree that there's a need, but I think we need a few more scholars to emerge in the area, and balance, to my mind, is one reason. In any event this isn't meant as a sharp critique, but just the off-hand thoughts of a long-time reader buried in the comments of a particular post. Thanks for all your work in these areas. Whether this comment exhibits it, I do enjoy reading (and agreeing sometimes and disagreeing other times) your work.
And if the NSA figured out a way to make breaking PGP easy, they would most likely issue a warning. Remember, spying is only part of their purpose -- they also want to protect American interests, which means making sure US companies have encryption strong enough that the Chinese and Russians can't crack it. If that means some American criminals have encryption that gives law enforcement fits, well that's an issue for law enforcement, not the NSA.
Your comments are really interesting, and they bring out the limits of blogging. I'm not an expert in everything, obviously, and it's impossible for me to completely research each issue before writing a blog post on it. I would say that I would normally need to put in at least 40 hours of research into a typical "really hard" issue before being really comfortable with my answer; until and unless I do that, I just have tentative thoughts. (And sometimes I change my mind well after 40 hours, of course.) I can do that for an article, but it's hard for a blog post, especially on a recent case. Given that, blog posts are usually the 30-minute or 1-hour first impressions of a case; I then try to figure out more in the comments.
I absolutely agree with you that it would be fantastic if more subject matter experts blogged. I have personally tried to get other profs to blog about recent cases, but I can't seem to interest anyone in this. The folks I have talked to generally say that they don't have time. Those that have time say that it's just too nerve-wracking to put your reputation on the line every day on really hard issues; no one can possibly get it right every time, and when you flop you flop in front of everyone. I wish I could persuade them to change their mind, but I haven't succeeded.
Next up on my Xmas list is getting more scholars to emerge in the area of computer crime law. Please, please, please!
We really need it, as there's so much going on. (Plus, selfishly, it's like the old story about one lawyer in a small town not being able to drum up business but two being very busy.) I think we'll get more in the area as the Supreme Court starts to take these cases, but until then it's likely to stay a pretty small crowd.
A post-script: Based on the oral argument, I think Danforth will probably lose 5-4. If you think the opposition to his claims is a "straw man," you might want to watch out for the majority opinion.
Some of the other logic used is equally fuzzy. I find it very interesting that few have commented, lawyer and non-lawyer alike, on Boyd v. United States, 116 U.S. 616 (1886), (as mentioned in a post above) in which the Court held that the Fifth Amendment protected a party from compelled production of private books and papers.
Furthermore, I find it extremely interesting that a blog about legal matters fails to raise the issues of judicial, police and prosecutorial malfeasance and/or misfeasance. The "Actual Innocence Project" has proven to me, beyond a shadow of a reasonable doubt, that such exists. Then, too, there is the series in the San Jose Mercury News, "Tainted Trials, Stolen Justice" (Fredric N. Tulsky, Projects Reporter, San Jose Mercury News, San Jose, California; "How Judges Favor the Prosecution: In a fourth of jury cases reviewed ..." www.abanet.org/publiced/gavel/07/excerpt4.pdf), which shows that there is a tendency, once a person is arrested, to assume they must be guilty, so the weight of the state is put behind proving it regardless of its truth.
Another point I'll make is that I find it extremely sad that, as far as I can see in the responses above, no one is discussing planted evidence used in retaliation or to extract vengeance by the police or third parties, a well documented fact.
On a final note, the whole "child pornography" hysteria reminds me of the Salem Witch trials. Yes, abusing children, or anyone for that matter, is wrong and should not be tolerated, but possession of pictures is not, in and of itself, abuse anymore than the possession of pictures of murder scenes and dead bodies from the mass graves of genocide is abuse. Sick? Most probably unless in a historical or documenting work, and even then there may be perverse hidden motivators that cause the studies to be done in the first place. Inciting abusive actions? Much, much harder to prove.
Does possessing Holocaust Denial literature turn one into a Nazi bent on destroying Jews, Gypsies, communists and others, as German law seems to say? Not in and of itself.
Actions taken to further the ideas are another story and can be treated just like any other abuse of the rights of others, and should be.
Too often, to me, the focus is in punishing wrongs rather than encouraging rights. Staying stuck in a reactive mode will allow far more tragedy than pro-actively raising our children to know right from wrong and act on it.
Thank you for your patience in reading this screed.
Allen
In other words: don't use biometrics alone. Use them only in combination with actual authentication mechanisms.
And yeah, they could force someone to put their finger to a fingerprint reader: knock them out, then take their finger to the reader and you're done. The clever thing would be to make the system self-destruct if the wrong finger is used, but if the suspect has ever been observed using the correct finger, then they are still screwed. A secret finger sequence (particularly one that changes every time it's used) would be akin to a password, thus providing an additional authentication measure.
This case is most interesting. I don't see how the defendant can be compelled to reveal their passphrase, or the cleartext of any encrypted files unless there is a statute that makes the consequences of failing to comply comparable to those of being convicted of the crime of which they were accused, which charges the prosecution needs the passphrase or cleartext in order to prove. Why? Because no matter what the defendant's lawyer tells him, as long as the defendant knows the truth of his legal situation then the defendant can just "shut up and go limp" as was mentioned by another commenter. This is not a matter of what the Supreme Court has or might say about any case like this one, except cases where such statutes exist and are at issue. Such statutes do not yet exist, but they might someday.
Thus I believe even if the magistrate's decision were reversed on appeal (that is, even if Mr. Kerr's view is correct or close to it) the worst that could happen to the defendant is still that he could (and most likely would) be found in contempt of court and sent to jail for a long time, but for much less time than what he might get sentenced to if convicted of the original charges. At least that would be the case under current law (note: not caselaw).
Cheers!
In this field, mathematics has overtaken legislation beyond any hope. Confronted with a bunch of random-looking bits, you:
a) can say that these are truly random, and not result of any deliberate encryption
b) you can be telling the truth or lie, but there is no mathematical way of proving either version
c) you can produce a "key" that "decrypts" the file into anything (!!anything!!) you wish using the so-called "one-time pad". A "one-time pad" with an adequately constructed key can turn your random bits into a picture of your pet - or kiddie porn, for that purpose.
d) you can claim that you have never seen the file (uh? that thingie? Must be from Maggie whom I borrowed the notebook back in Sydney ... she was blonde but I do not know anything else) and that you have absolutely no idea about its content.
Oren: I think you are a bit confused about the "plaintext" terminus technicus. From the techie point of view, this "plaintext" need not be human-readable or need not have sense. Anything you get from the decryption device after applying a "key" is a "plaintext". If the encrypted file contained some meaningful content, then one key (the one you encrypted with) will provide you with that meaningful content, and the rest of the possible keys (in a good cipher, at least) some other "plaintexts", which will be random-looking binary garbage. But they are correct "plaintexts" for those other "keys"; "plaintext" is not necessarily meaningful, it is just an input to the encryption mechanism with a given key. And you can have perfectly good technical reasons to encrypt random data too.
Finally, the PGP security: encryption algorithms that depend on finding divisors of big numbers cannot be cracked by brute force, unless the keys are trivially short. The best candidates, Number Field Sieve and Quadratic Sieve (I have implemented both of them at my previous alma mater), fall miserably short, as the time and resources needed grow sub-exponentially with the length of the keys.
Horatio: you do not use the lingo correctly. Prime numbers cannot be factored into anything else than 1 and themselves. You probably mean the large moduli, not large prime numbers (large moduli consist of 2 or more different primes multiplied together). "The quantum computing" and "the quantum cryptography" are two very different things.
"The quantum computing" is a theoretical concept and AFAIK no one really knows whether it will ever be really possible, let alone practical. If it was real and practical, algorithms for it exist that could theoretically break PGP in reasonable time: but no quantum computer exists yet.
"The quantum cryptography" is an encryption scheme that can be used for a secure communication free from eavesdropping. It is realistic and already deployed in labs. However, it has nothing to do with PGP and cannot be used for PGP cracking.
Last but not least, no one knows whether the NSA can break PGP. I am inclined to think that they are not; but if they could, it would be entirely appropriate for them to publish this fact. After all, American companies use PGP to protect their sensitive data; and if it can be broken by the NSA, it might be broken by the Chinese, Russians, Israelis (all three countries are cryptography superpowers...)?
Greetings from Prague, the Czech Republic.
Really? I thought I was the only one. Go ahead - give me the largest prime number you know. I'll factor it instantaneously!
In fact, you can give me any large number, and I'll factor it pretty darn quickly for you, as long as it's prime.
(For the non-geeks out there - public key encryption is based on the difficulty of factoring large numbers, specifically large numbers which are the product of two large primes. Factoring primes, on the other hand, is trivial.)
(In any case, PGP Whole Disk Encryption doesn't use public key encryption, it uses standard symmetric key encryption, namely 256-bit AES.)
(Also, Robert Reese, the asymmetric keyspace - as in classic PGP - is sparse, so a 4096-bit key isn't as hard to crack as you're imagining. Very few 4096-bit numbers are valid asymmetric keys, and you don't have to check the invalid ones. 1024-bit asymmetric keys are considered pretty weak, whereas a 1024-bit symmetric key would be total overkill. The key in this case would appear to be a 256-bit symmetric key.)
However, some extra paranoid software can use, say, 4 ciphers in sequence, giving 256 bit key to every one of them (say, AES, Twofish, RC6, AES again).
However, the real issue with encryption/decryption and the correct plaintext is somewhere else.
Let us say that your adversary creates a file with random contents on your disk, with size being a multiple of a typical block size, and names it "nekkid_kiddies.pgp", then claims that it was encrypted with your PGP key.
You absolutely cannot prove that it is NOT encrypted with your PGP key. You cannot prove that it is in fact random garbage taken from /dev/urandom by someone else than you...
You failed to provide "the key", you go to prison (courtesy of British RIPA) - sort of Soviet-like, or rather Kafkaesque situation...
You absolutely cannot prove that it is NOT encrypted with your PGP key unless you provide the cops with your passphrase.
That is the real catch-22.
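Two comments above make the same mathematical point from different directions: the Prague commenter's item (c), that a one-time pad "key" can turn any bits into any plaintext, and the "nekkid_kiddies.pgp" scenario, that a random file cannot be proven to be (or not be) ciphertext. Here is an added example demonstrating both (written for this thread, not any commenter's code): a pad is just XOR, so for any blob of bytes and any claimed plaintext of the same length, `blob XOR claimed` is a perfectly valid pad under which the blob "decrypts" to the claim. Nothing in the bytes themselves distinguishes a genuine ciphertext from output of /dev/urandom, and nothing singles out one decryption as the "real" one; only outside evidence (the key, the software history, the encryption tool's records) can do that.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; a one-time pad is nothing more than this."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs pad and text of equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def pad_for_claimed_plaintext(blob: bytes, claimed: bytes) -> bytes:
    """For ANY byte string `blob` and ANY `claimed` text of the same length, return
    the pad under which `blob` decrypts to `claimed`. XOR is its own inverse, so
    (blob XOR claimed) XOR blob == claimed always holds."""
    return xor_bytes(blob, claimed)


def fit(text: bytes, length: int) -> bytes:
    """Space-pad or truncate a claimed plaintext to the blob's length."""
    return text.ljust(length, b" ")[:length]


def deniability_demo() -> dict:
    """Constructed walkthrough: a real pad encryption and a random blob, each of
    which 'decrypts' to whatever is claimed once the matching pad is produced."""
    real = b"meet at the old mill at noon"
    pad = secrets.token_bytes(len(real))          # the genuine pad
    ct = otp_encrypt(real, pad)

    innocent = fit(b"grocery list: eggs, milk", len(ct))
    forged_pad = pad_for_claimed_plaintext(ct, innocent)

    random_blob = secrets.token_bytes(len(real))  # never encrypted anything
    blob_pad = pad_for_claimed_plaintext(random_blob, real)

    return {
        "genuine_decrypt": otp_decrypt(ct, pad),             # the real message
        "forged_decrypt": otp_decrypt(ct, forged_pad),       # the innocent message
        "blob_decrypt": otp_decrypt(random_blob, blob_pad),  # random bytes "decrypt" too
    }


if __name__ == "__main__":
    for name, value in deniability_demo().items():
        print(f"{name:16s} {value!r}")
```

The same algebra is what makes "you failed to provide the key" such an awkward standard: the accused who genuinely holds only random bytes and the one who holds a ciphertext are, from the bytes alone, in the same position.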
I stand corrected - this is what I meant - the product of two large prime numbers.
The first question is whether given data can be shown to be ciphertext. The answer is a resounding no. It could be dev/random or whatever nonsense, as you say. Where you go wrong, I think, is in concluding that therefore we can NEVER show that any data are ciphertext.
Consider the most blatant case, you have TrueCrypt installed and it keeps a history of encrypted volumes and the file "Temporary Stuff Pay No Attention" was the last thing in the list. Furthermore, the disk access logs show that this file was created right after the TrueCrypt program was installed. (If you want to be more blatant, the gov't installed a screengrabber but not a keygrabber . . .)
I believe I've now established, beyond a reasonable doubt, that "Temporary Stuff . . " is indeed a ciphertext insofar as it is the encrypted output for some plaintext. It is now a mathematical certainty that, for some key, that ciphertext can be decrypted into the plaintext that was originally input into TC.
MK: In Diffie-Hellman the modulus is prime. In RSA the modulus is a composite of two large primes. Thus not all moduli as used in crypto are composite. Also, let's stay away from quantum cryptography (those interested can search for the subject and figure out that QC is mostly snake oil: it's really only unauthenticated key exchange for point-to-point links [i.e., not end-to-end] and thus subject to man-in-the-middle attacks unless one adds "classical" cryptography to authenticate the key exchange, at which point one must wonder why spend money on something so revolutionary that it still requires the use of that which it was meant to replace).
There are many ways to go about authentication and a passphrase is one of them. Passphrases are typically referred to as "something you know." So if your authentication mechanism requires a passphrase it is a single-factor authentication mechanism.
If your authentication mechanism requires two elements it would be called two-factor authentication. An example of this would be that you have to scan your fingerprint *and* enter your passphrase in order to be authenticated. This is a combination of "something you are" (fingerprint) and "something you know" (passphrase).
Since a passphrase is "something you know" then I can't fathom any instance, ever, whereby a person would be compelled to provide it without violating the 5th amendment.
Note: If a person doesn't actually know their passphrase and instead copies it from a piece of paper every time they enter it that would be "something you have" and NOT "something you know."
-Riskable
http://riskable.com
"To define a problem incorrectly is to ensure that it will never be solved."
Truecrypt supports similar functionality with the addition of deniable hidden disks.
Operating systems like Linux and BSD support encrypted file systems at a very low level in software such that the password must be made available to complete the boot sequence and without it nothing of significance can be recovered.
"The "Actual Innocence Project" has proven to me, beyond a shadow of a reasonable doubt, that such exists."
And what of this?
So what can the government do here? Appeal, obviously. Institute a policy when an agent suspects encryption or another access control - once you get access somehow, DO NOT turn it off until you've sucked the data off the drive! But short of that, there's not a lot they can do. This case wouldn't have even come to trial had the defendant been slightly more intelligent (basically, not using filenames that showed evidence of child porn, not answering with "maybe" when asked about child porn, emphatically not decrypting something when asked.) Against our theoretical smart-enough perp, the agent examining the laptop would not have ever suspected the presence of incriminating material...
Theoretically, it's true that encrypted whatever cannot be shown not to be pure random garbage.
Putting aside the unlikelihood that a person has a partition of actual random garbage, it's pretty easy to show, in any real-life situation, that a given partition is not in fact garbage. Possible clues:
the presence of a program like PGP Whole Disk Encryption with configuration data pointing to the "random" drive
the presence of paths pointing to the "random" drive in various programs' Most Recently Used caches, like Media Player's
the presence of old data in the page file or other detritus pointing to locations on the "random" drive
the presence of encryption metadata on or pointing to the "random" drive, such as block headers
It would be infeasible to make an encrypted drive look indistinguishable from a "random" drive unless you kept the access program off-box (like, on a floppy) and had an OS / apps that were guaranteed never to cache information from the "random" drive.
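The "random file named .pgp" hypothetical above and the list of clues for showing a "random" drive is really ciphertext both turn on one point: byte statistics cannot separate ciphertext from /dev/urandom output, but file structure sometimes can. The following Python is an added example (not code from this thread or from PGP) that scores both kinds of blob by Shannon entropy and then checks for an OpenPGP packet header with a length field consistent with the file size; the sample blobs are constructed in the script, and the SHA-256 hash chain is a deterministic stand-in for random data.

```python
import hashlib
import math
from collections import Counter

# RFC 4880 section 4.3 packet tags; any other tag value is reserved or private.
PACKET_TAGS = {
    1: "public-key encrypted session key", 2: "signature",
    3: "symmetric-key encrypted session key", 4: "one-pass signature",
    5: "secret key", 6: "public key", 7: "secret subkey", 8: "compressed data",
    9: "symmetrically encrypted data", 10: "marker", 11: "literal data",
    12: "trust", 13: "user id", 14: "public subkey", 17: "user attribute",
    18: "sym. encrypted integrity protected data", 19: "modification detection code",
}

def sha256_chain(seed: bytes, n: int) -> bytes:
    """Constructed stand-in for /dev/urandom output: a deterministic SHA-256 hash chain."""
    out, block = bytearray(), hashlib.sha256(seed).digest()
    while len(out) < n:
        out += block
        block = hashlib.sha256(block).digest()
    return bytes(out[:n])

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy per byte. Good ciphertext and random filler both score close to 8,
    so entropy alone cannot tell 'encrypted' from 'garbage'."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def parse_packet_header(data: bytes):
    """Decode the first OpenPGP packet header (RFC 4880 section 4.2).
    Returns (tag, body_length, header_length); body_length is None for an
    indeterminate or partial length. Returns None if no header can be read."""
    if len(data) < 2 or not data[0] & 0x80:           # bit 7 is always set
        return None
    first = data[0]
    if first & 0x40:                                   # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, l0, 2
        if l0 < 224 and len(data) >= 3:
            return tag, ((l0 - 192) << 8) + data[2] + 192, 3
        if l0 == 255 and len(data) >= 6:
            return tag, int.from_bytes(data[2:6], "big"), 6
        return tag, None, 2                            # partial body length (or truncated)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, None, 1                            # indeterminate length
    size = (1, 2, 4)[ltype]
    if len(data) < 1 + size:
        return None
    return tag, int.from_bytes(data[1:1 + size], "big"), 1 + size

def classify(data: bytes) -> str:
    """Coarse verdict on OpenPGP structure. 'No header' does not prove the blob is garbage:
    a headerless container (a raw encrypted volume, say) has no header either."""
    hdr = parse_packet_header(data)
    if hdr is None or hdr[0] not in PACKET_TAGS:
        return "no OpenPGP packet header"
    tag, body_len, hdr_len = hdr
    if body_len is None:
        return f"OpenPGP header ({PACKET_TAGS[tag]}), length indeterminate"
    if hdr_len + body_len > len(data):
        return f"OpenPGP header ({PACKET_TAGS[tag]}) but declared length exceeds file size"
    return f"well-formed OpenPGP packet: {PACKET_TAGS[tag]}"

# Constructed samples: RANDOM_BLOB plays the "nekkid_kiddies.pgp" filled from /dev/urandom;
# PGP_MESSAGE is a new-format tag-18 packet whose 5-octet length field (0xFF + 4 bytes)
# matches its 4094-byte body; TRUNCATED is that same message cut short.
RANDOM_BLOB = sha256_chain(b"", 4096)
PGP_MESSAGE = b"\xd2\xff" + (4094).to_bytes(4, "big") + sha256_chain(b"body", 4094)
TRUNCATED = PGP_MESSAGE[:2048]

if __name__ == "__main__":
    for name, blob in (("RANDOM_BLOB", RANDOM_BLOB), ("PGP_MESSAGE", PGP_MESSAGE), ("TRUNCATED", TRUNCATED)):
        print(f"{name}: {entropy_bits_per_byte(blob):.3f} bits/byte, {classify(blob)}")
```

Both blobs score near 8 bits/byte, and only the header check separates them; a blob that fails the check is still not shown to be garbage, which is exactly the catch-22 raised above.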
Never mind what he actually did say ... suppose Boucher were to say, "Hell no! I'm not giving you my password! I gave it to those @#$%&*! agents once to prove I didn't have child pornography on my computer, and then those lying weasels claimed that I did! I'm not going to give you guys the opportunity to plant incriminating files on my computer -- you've already proved to me that you're dishonest SOBs! Your Honor, why don't you have those lying officers strip-searched to see whether they're also carrying any bags of pot or coke to plant on innocent suspects?"
Note that in a real-world situation, the defendant might or might not be telling the truth. Does it matter? Should it matter?
After reading the full background in the PDF, there's certainly reason to doubt whether this person is really guilty. The defendant's claim was that they download content in bulk from newsgroups. For those unfamiliar with the pornographic newsgroups out there (it's kind of old-school technology at this point), I assure you that it's an ugly place. If you point software that does bulk downloads toward them and let it go unsupervised, you could easily end up with illegal images like child pornography on your hard drive that you had no idea were there. The presumptions here seem to lean toward the defendant being a) guilty, or b) stupid. It's quite possible the reason this guy waived his rights was instead just unsophistication. What if he thought being honest would be in his benefit--that he'd get into more trouble if they found the illegal content he suspected might be there if he were evasive about it?
What's really troubling about this whole area is that there's all kinds of ways files can get on your PC without you knowing nowadays. Talk to any tech who cleans out spyware regularly and you'll discover how easy it is for people to get things they didn't want on their hard drive.
The background also is clear the defendant never typed the password in at the checkpoint. Forget about using amnesia as a defense; the obvious one here is for the defendant to say they don't know the password--that someone else has typed it in before for them and at the border crossing the PC was still caching it--or that the one they knew has expired. You could easily set up something like this so that if the password weren't entered within some amount of time, the data was shredded.
Not knowing the password isn't even completely impossible. I would bet *most* encrypted laptop drives are set up that way to secure the data of that person's employer. For every person I know who uses PGP personally, I'm aware of thousands of people whose corporate laptop is given to them with encryption. In that case there can be areas the employee doesn't even have access to, that only a system administrator can get into. It's doubtful that's the case here (not a lot of companies are buying Alienware hardware) but it could be a possibility in a future case in this area.
It's quite a tortured interpretation to say that the ciphertext does not 'contain' the plaintext - it clearly does. It is also mathematically certain that there exists a reverse transformation that unambiguously recovers the plaintext.
I had no intention of using a "tortured interpretation", but I think you are equating math with probability. There is a 100% chance that I can mathematically transform any random number sequence you give me into a picture of "your cat" given the right algorithm and time. Math is infinite. The probability of such an action may be beyond reasonable doubt (the probability equates to a DNA finding raised on a logarithmic scale) but it is not beyond the boundaries of math. Every time you type in a key it may result in "plaintext". It just may not be the "plaintext" you were looking for.
Maybe it's a semantic thing or maybe I'm misunderstanding you, but this seems wrong. If it were a "fundamental right" to hide incriminating evidence, then wouldn't the presentation of ANY evidence a person tried to hide, regardless of how it was found, be improper since it would violate this "right"? A right has to be enforceable, doesn't it?
I would argue that rather than a "right to hide incriminating evidence", we have a right to expect that the government has to make a case, follow specific procedures, and seek proper permission before searching for evidence or using it in prosecution.
Mathematicians and lawyers mean something very different by the same word "Proof" :-) I must admit that I am inclined to think in the mathematical meaning of the word...
Randal 12.16.2007 2:00am: I believe that a mildly Linux-savvy person could set up a Linux system to avoid most of the gotchas.
All: OK, during the night, another thought occurred to me. Let us expect that Orin's and Randal's methods prove beyond reasonable doubt that the file was in fact created by some encryption program. What if the defendant claims that the police corrupted the encrypted file by, say, turning the PC off incorrectly (therefore, some data was written down badly), and, as a consequence, he can no longer decrypt it himself even with the correct password. It is often true for much encryption software: alter a single bit, and the whole container goes to hell.
Suppose, instead of computer files, we were dealing with seized documents in an obscure foreign language, or encrypted if you prefer. Could I be required to translate the documents? Or even to provide any clue to help them do so?
Why is this not analogous to this case?
The issue you bring up about not being able to tell between an innocent person and a guilty person for purposes of forcing testimony is pretty much irrelevant. We already allow the government to force people to testify about things that we think that they know. The only situation where you don't have to testify is if it would incriminate you. For example, if my parent/child/girlfriend/sibling/best friend kills someone and ditches a gun, the government can force me to testify as to where they ditched the gun, and if I refuse, they can hold me in contempt of court and throw me in jail.
"It would be infeasible to make an encrypted drive look indistinguishable from a "random" drive unless you kept the access program off-box (like, on a floppy) and had an OS / apps that were guaranteed never to cache information from the "random" drive."
Nope, not true. It's not just feasible but trivial. The basic idea is that you have a single partition that contains a number of blocks. When you enter a key, it attempts to use that key to decrypt each block in turn. Whatever blocks you decrypt it links together to form the drive.
It can easily be rigged so that it is impossible to tell whether any given key decrypts all the blocks that lead to valid data. Each block instructs you to add a certain percentage of "nonsense data" to the list for all valid data you add, so every block could have produced the final state of the list.
Others:
Anyone who tells you they can destroy the data after too many invalid password attempts is lying. This is simply not possible with conventional hardware. The police will *definitely* make a complete image of the drive. They can always restore the drive to the state it was in when they seized it.
And even if the NSA can break PGP's whole disk encryption, they will never, ever take even the slightest chance that this will even be suspected. They would never risk that intelligence windfall for a mere criminal conviction. The last thing they need is even one guy going around saying that he protected some data with PGP and it mysteriously wound up being used as evidence against him. If people stop trusting PGP, they'll use something else, and that windfall goes away.
In any event, I doubt they can.
OK, that's true. But the previous two sentences:
are overstated.
I use Flagstone drives. Perhaps they don't qualify as "conventional hardware" but they do erase an on-board key held in a PROM after 5 invalid attempts. Yes, the drive can be imaged by removing the platters and reading them directly but that image is encrypted and useless. After the PROM is erased, the data is inaccessible. There is an optional provision for a backup/admin account that can re-enable the user account passphrase or wipe the drive and leave it ready for re-installation as new.
Further, many marketers of drives encrypted in hardware make a big deal out of how their drives are instantly de-commissionable, i.e. can be instantly destroyed, thereby making the administrative processes involved in cleaning a drive prior to disposal painless. Those processes are a big time sink in some organizations and the ability to instantly kill all the data on a drive is a big selling point.
So, instant whole-drive data destruction is not just possible but common with some classes of hardware. I won't use anything less in my personal computers, even if that does mean I'll pay, given the recent tanking of the dollar, nearly USD$1000 for an 80-gig drive. I have two such drives that I've, thankfully, had since before the dollar started its recent swan dive; I only paid about USD$600 for each of mine.
If you want more info, Seagate's Momentus FDE, Stonewood's Flagstone, and other drives are examples of the type. I believe Enova is another maker. Poking around for RFPs in the .mil domain can reveal all sorts of interesting stuff about how this kind of hardware gets acquired and used.
If you trust the encryption to protect the data, there is nothing you need to do anyway. The data is encrypted and an attacker does not know the key.
If you don't trust the encryption, instant drive destruction is useless. The encrypted data is still there in the same form as it always was.
Instant data destruction = throw away the key
(2) Someone suggested that refusing to comply with a subpoena has less penalty than child porn. Don't count on it. It is contempt, and if I recall correctly, one can be held for contempt until willing to comply with the court's order or the stars fall from the sky, or both.
(3) Regarding 'document retention', one shouldn't trust anything so small one can't see whether it is still concealing something or not. Ensuring document destruction means destroying the storage device, such as a hard drive, for instance, by submersing the entire thing in salt water and then tearing it apart, or melting it into a blob, smashing it with a hammer, etc. Whatever brings an end to the ability of that device to relay information that ought not be relayed.
With all due respect, I believe whoever posted the original sentiment is more correct.
Going to jail for child porn is a death sentence in the sense that your life is over. If you survive the long time in jail (technically, the sentence for possession of child porn in some jurisdictions can be greater than the sentence for child molestation, but that's splitting hairs) locked up with a large number of men who will think ill of you because of what you're convicted of, you are then put into a society that brands you with a big scarlet letter, restricts your movements, subjects you to arbitrary punishments of varying sorts, and basically does everything possible to make sure you are unhappy and unsuccessful for the rest of your life.
On the other hand, if you're locked up for contempt, your time will be less hard for a variety of reasons. Your fellow jail inhabitants will have more respect for someone jailed for telling a judge to go jump in the lake than for a short eyes. You're likely to be held in a facility close to the court instead of a remote prison, thus enabling visits from family and your lawyers; this, alone, will likely make your time much less hard. The possibility exists that you'll be released if the judge changes his mind. The possibility exists that public pressure will influence the judge to change his mind; with a good PR machine, you could become a cause celebre for opponents of judicial overreaching. No matter what you're suspected of, few judges feel good about locking someone away for life without a trial. No matter how much of a hard case they are, the whole notion is inconsistent with any reasonable definition of justice. Sure, you could get a judge who cares nothing for justice and will happily keep you locked away forever for insulting his court but even in that case things could still change. Federal judges tend to be mature men; he could die in a few years. The judge who inherits the matter will have less emotion invested. The possibility arises, again, that you could be released. And if you are released, you're free, unlike someone who has served time for child porn who, despite the fact that they are out of prison, will be imprisoned forever without possibility of release by a patchwork of punitive statutes designed, despite their packaging as "public safety" measures, to continue punishing you in as many sneaky and demeaning ways as possible until the day you die.
No, I must respectfully disagree. Taking the hit for contempt is probably better than being convicted of this particular crime. (Insert some caveat about the possibility that your particular jurisdiction, your unique circumstances might cause you to reach a different conclusion; I recognize this possibility.)
The reference to DUI and tests is probably not similar. While the laws will vary from state to state, most states will suspend your license for refusing the breathalyzer. It is in rare cases, from what I understand, that someone would be under court order to allow blood to be drawn. I would imagine that this is typically in instances of death or horrible injury.
I also find that the idea that the state would suggest that should Boucher enter the passphrase himself, the jury could be instructed to bar that from their ruling. Right or wrong, the judicial system is just as fallible as those serving on the jury. It could be very difficult for someone to believe that since you know the passphrase you weren't also aware of the contents of the drive. Understood that yes, files could easily be put on your machine that you aren't aware of.
One other question: what would happen if this laptop were his employer's laptop? What nightmare would that bring upon his employer? Would they have to prove or disprove that they didn't put those images on the machine?
But I've read that doing a raw scan of the hard-drive, and attempting every string found as a possible key works in something like 40% of the time.
Envision not an encrypted file, but an encrypted device. It is allocated a fixed section of disk, and fills it with random numbers. The software mounts a virtual partition, given a pass phrase, displaying a directory structure that is stored, encrypted, in the allocated section of disk.
Now suppose that there was a second virtual partition, stored in the same section of disk, accessed with a different pass phrase.
Impossible? No. There is widely-used open-source software that does exactly this. It won't magically create innocuous files for you, but it will give you two distinct virtual partitions, stored within the same encrypted disk sectors, accessed with different passwords, and without revealing how much, if anything, is stored in either, or whether there are one or two virtual partitions present.
Many will call this guy sick, but if that's all he has on his laptop, he is no criminal.