More on Encryption, the Fifth Amendment, and the "Foregone Conclusion" Exception:
My Friday post on the Fifth Amendment and encryption discussing the Boucher case led to a very long and interesting comment thread, including several comments from readers who thought it clearly wrong to say that Boucher could be required to enter in the password even if no one doubted that he knew it. The basic argument was that entering in the password had a testimonial aspect to it, and the government could never compel someone to take those steps in a way that would hurt him in a criminal case — in Boucher, by leading the police back to the evidence on the hard drive.
In this post, I want to explain why I tend to disagree. It's my understanding that if the government already knows that Boucher has the password, having him enter it in generally does not implicate the Fifth Amendment privilege. Just to be extra clear, I'm not saying that I like the law this way, or that this is my personal theory of what the Fifth Amendment should mean. Rather, I'm saying that I think this is the correct result under existing caselaw. (So if you disagree, it's probably best to make your arguments in terms of cases, not Universal Principles of Justice.)
The key precedent here is Fisher v. United States, 425 U.S. 391 (1976), in which the Supreme Court considered whether the government could subpoena from a suspect, who was suspected of tax fraud, the records involving the preparation of his taxes by his accountant over a three-year period. The Court concluded that the Fifth Amendment did not bar such a subpoena, even though responding to the subpoena would indicate the person's knowledge and control of the records and even though the government wanted to use the records to prove his guilt for tax fraud. Here's why:
Surely the Government is in no way relying on the "truthtelling" of the taxpayer to prove the existence of or his access to the documents. 8 Wigmore § 2264, p. 380. The existence and location of the papers are a foregone conclusion, and the taxpayer adds little or nothing to the sum total of the Government's information by conceding that he, in fact, has the papers. Under these circumstances, by enforcement of the summons, "no constitutional rights are touched. The question is not of testimony, but of surrender." In re Harris, 221 U. S. 274, 279 (1911).
Under Fisher, courts have to make a judgment call about how much the testimonial component of the act of production will really add to the government's case. If the subpoena makes the target state some important fact that the government didn't know, then it's unconstitutional. See, e.g., United States v. Hubbell, 530 U.S. 27, 44-45 (2000), in which the government made the target collect his records, go through them, and identify which of the records revealed his crimes. On the other hand, if the subpoena makes the target testify about something that the government basically knows already, or is pretty unimportant, or could find out another way, then it's not unconstitutional. This is a fact-intensive test, requiring close attention to exactly what the government knows and what is relevant to their case.
When an accused is required to submit a handwriting exemplar, he admits his ability to write and impliedly asserts that the exemplar is his writing. But in common experience, the first would be a near truism, and the latter self-evident. In any event, although the exemplar may be incriminating to the accused and although he is compelled to furnish it, his Fifth Amendment privilege is not violated, because nothing he has said or done is deemed to be sufficiently testimonial for purposes of the privilege.
That said, one thing about passwords is that they can be, and often are, forgotten. On policy grounds, quite apart from the Constitutional analysis, I can see good reason not to adopt the rule that the person has to turn over the password (so long as it isn't written down), simply because of the difficulty of proving that the person didn't just forget it.
Now there's this wrinkle that the government was willing to let him enter the password without anyone looking over Boucher's shoulder, so that they'd have access to the files without knowing the password itself. But is that really enough to establish that he isn't effectively testifying to the content of the password?
I mean, what if a defendant knows the names and phone numbers of some key witnesses to a crime, and the government wants to talk to those witnesses but doesn't know who they are. Can the government put the defendant in a room with a telephone, and force him to dial up the witnesses and then put the government agents on the line (without revealing the actual phone numbers to the government)? That seems bizarre.
Perhaps stress-induced amnesia would be a better approach.
It's a question of fact, so I agree that this is the issue. But isn't that view rather unlikely? We know for a fact that it's his computer, and that he uses that part of the drive to store pornography, and that he has several images of child pornography there. What are the chances that he doesn't know the password to this portion of the hard drive? If he doesn't know the password, who does? Do you think Boucher has to go to someone else to have that other person enter in the password to access the part of Boucher's hard drive every time he wants to access the part of the hard drive containing the pornography? Who do you think this other person might be?
I'm a little confused by this sentence. What is this "if the government knows" standard?
It is up to the state to prove each and every element of the crime beyond a reasonable doubt. In the case of possession/transportation of child pornography, there's a scienter requirement. For all we know, the password-protected folder could have been placed on the defendant's computer when he failed to secure it adequately on a network, or when he left it open on his desk at work when he went to the bathroom, or by his roommate while he was at class. Requiring the defendant to supply a password forces him to admit ownership/control of the illegal files. Suddenly, the state has its burden of proving ownership/control removed.
At this stage, the government isn't asking for Boucher to tell them the password; they're asking him to enter it without telling them what it is.
I think Boucher already made that argument. If I recall correctly, that's why the magistrate judge amended the subpoena from an order to disclose the password to an order to enter it.
From what I can tell, facing contempt is better than a sure felony conviction. So won't all defendants "forget" the password?
Or does the government get an adverse inference that the child pornography exists?
One, what if the same password is used to secure other encrypted objects? Giving up the password would facilitate both proper and improper searches of those objects if they were in the custody of the state.
Two, this is far-fetched and I don't recall if it came up in the earlier discussion. Consider a case in which a passphrase is used rather than a password. (OpenPGP (RFC 2440) incorporates support for passphrases.) The passphrase could have been selected, on purpose or by inadvertence, in a fashion that makes it evidence of a crime. For example, in this case revealing the pass phrase "I prefer younger boys" might be regarded as testimony against the person who chose the password.
Hmm. Years in prison for child porn....months (at the most) in a local lockup for contempt....
Tough call
The password itself would be excluded from evidence. The jury would never hear it.
In fact this strikes me as a good way to keep electronic records from the government. Use a randomly generated password on an encrypted disk and just keep the machine running all the time. When the government seizes it, they'll turn it off to cart it away, effectively destroying the very evidence they were trying to seize. Of course if you want to do this you'd better have an OS that doesn't crash and several layers of backup power supplies, so you don't accidentally destroy your own data.
But for child porn on a computer, isn't that kind of facetious? The crime he's charged with is possession of those files - any action he takes to make those files available to the police directly testifies to his access to, and possession of, those files. They can't say "well, we promise not to examine your possession of those files" because that is the entire point of prosecuting him in the first place (unless you'd like to argue that they're worried that he participated in the production of those files - i.e. raped some kids, which is unlikely - or that they're so willing to look at them for that purpose that they're willing to let him off the hook for possession of the files, also unlikely.)
Um ... No, we don't. We know that a couple of border agents of unknown trustworthiness and competence claim that he does. Has this claim been tested in a court of law? It might be true ... but we don't know this for sure. If (as seems plausible) Boucher downloaded a bunch of files from some website for later perusal, even he may not know whether he has child pornography on his computer.
1) It is true that as a factual matter "Requiring the defendant to supply a password forces him to admit ownership/control of the illegal files." But this is not how it plays out in court. When one is compelled to provide a password (or any other documents etc.) that compulsion comes with "use and derivative use immunity" so that the inference of ownership/control is a derivative use of the password that cannot be made. In practice, this means that the prosecutor cannot introduce into evidence any testimony about "who" provided the password. The pornography would be presented "as if it came over the transom."
2) Someone else asked "But why isn't the testimonial aspect of his entering the password the password itself?" Here the law has gone a different way -- for the same argument could be made about any other "thing" that a defendant is compelled to produce -- e.g. his blood sample or his DNA. There was a strong inclination in that direction in the 1800s (i.e. to deem the 5th Amendment as a privilege against being compelled to provide evidence from which one could be convicted) but the high water mark of that analysis was in 1898 in a case called Boyd. Clearly the implications of such a view for modern investigative techniques would be very challenging to say the least.
3) Finally, implicit in many of the comments is a seeming suggestion that documents or passwords as products of the mind ought to be treated differently than other more physical things. I confess a strong attachment to that view -- but again it is one that the courts have rejected. In general they say that if the information is created for an independent purpose (e.g. documents to keep track of drug sales) then the production of them to the Government is not compelled as the 5th Amendment intends that term. Again, it isn't a necessary reading -- but then think of all the information that is maintained as part of the regulatory state (e.g. records of pollution emissions) for an independent purpose. If you think that the password is protected then, perhaps, the pollution records are as well ....
I have taught this topic many times. I think the only fair thing to say is that the issue is confused and it is very hard to find a consistent theme. What a great hypo for class.
It wouldn't be that difficult to prosecute DNA cases without compulsory blood tests or mouth swabs. If you can get a warrant for a cheek swab, you can get a search warrant for the defendant's home, and find any number of objects loaded with his DNA.
I still don't understand how this is within the scope of a 'subpoena' as classically understood. Black's Law Dictionary describes a subpoena as, "a command to appear at a certain time and place to give testimony upon a certain matter"
Clearly that definition does not apply. You can also subpoena documents and other physical evidence, but the government already possesses this evidence: it seized the computer.
Say the document was written in Italian. Is the defendant obliged to provide the government a dictionary with which to translate the document? Clearly not.
The entire 5th amendment discussion became a red herring once we agree he wasn't being asked to testify.
(Ergo, then, the subpoena has no lawful purpose.)
What's troubling about this case is that the government wants Boucher to do just that -- to generate a document for them (by typing the password into a dialog box) -- but the government claims the act is non-testimonial because the government doesn't want to *see* the password.
Imagine in a tax fraud case that a defendant kept all his financial information in his head. It is a foregone conclusion that the defendant knows his own financial data, but the government can't force the defendant to verbally reveal that information. So the government sits the defendant down in front of a computer loaded with tax software. It forces the defendant to prepare his previous years' tax returns based on the financial data in his head. The software calculates the defendant's tax liability based on this true financial information. The government doesn't see the data the defendant enters; it just sees the final tax liability the software calculated.
Surely the government can't do that -- but that seems very much like what the government is trying to do here.
And the government already possesses the documents in question. What they want to do is compel an act that's neither related to acquiring possession of documents nor in itself (by their own admission) testimonial. This is precisely the problem.
This case would be easy if, as in the financial document cases Orin cited, the defendant had a sheet of paper lying around with the password written on it, and we knew he had that sheet of paper. The government could just subpoena the sheet of paper. What makes this case whacky is that the government needs the defendant to actually write the password for them, not just to produce a pre-existing document containing the password.
The analogy of PGP encryption to a safe with a key or combination has limits. The password does not merely allow a user to open a folder on a computer. Supplying the password actually transforms some of the ones in the files to zeros, and vice versa. The photographs don't exist as anything other than completely meaningless ones and zeros without the password, which forms part of the instructions for which ones to transform into zeros.
It's easy to demonstrate that documents in a safe exist even when the safe is locked (cut through the side of the safe and they'll be there). An encryption program, on the other hand, turns the document into a string of pseudo-random bits that cannot be reconstructed without the encryption key. Rather than the safe/key analogy, a better interpretation might be taking a book and cutting up the pages into individual pieces of paper each with a single letter on it. Of course it's still possible to reconstruct the letters into the original text, but it's also possible to rearrange them into many other texts. Would you say that the original text is still there even after it's been cut up?
handwriting exemplars, and voice line-ups: if the police are investigating a bank robbery by a masked perp, they can make their suspect get into a line-up, with a bunch of similarly masked guys, and make him and each of them say, for the witnesses, e.g. "Gimme all the money, and nobody gets hurt" or whatever the perp said, in order to compare voices; all consistent with the 5th amendment, at least last time I checked.
As to "One Man's View"s take on the admissibility of the fact of D supplying the password, I'm having a hard time seeing which part of the government's case gets excluded:
A. "the prohibited stuff is on the computer"
B. "the computer was in D's possession and control when seized";
C. "the computer is D's"
D. "the prohibited stuff was encrypted";
E. "the prohibited stuff was put on the computer while in D's possession and control, using encrypting software also put on the computer while in D's control" (offered to show knowledge of possession/consciousness of guilt)
OR
F. "We got the password from D."
If all that gets kept out is F. a jury would have to be mighty thick not to infer F.
*One-time-pads excluded. This applies only to situations where the key is significantly smaller than the cleartext.
Or, perhaps, taking a small, low-res child pornography image, blowing it up so that each pixel was one square centimeter, printing it out, and cutting it up into individual pixels. On the back of each pixel-scrap, you write the instructions for where said piece goes in a secret language that you made up and which only you know.
Your analogy is wrong (one-time-pads excluded) because there is a unique cleartext that was the input to the encryption. Furthermore, we can reconstruct that cleartext by noting that it is highly improbable that two separate valid cleartexts will produce the same ciphertext (2^-(key length/cleartext size)) and so any key that produces valid output is almost certainly the right one.
To put it in terms of your book analogy, first note that you can't scramble the letters arbitrarily but must follow a pattern (this is the scrambling mechanism). This alone throws out virtually all the other valid 'books' that can be constructed from the same ciphertext. Things are even worse for you because encrypted data is always provided with a checksum (actually a hash these days) that you can use to verify that the decryption worked properly. If the decrypted data match the checksum AND are valid then you have to conclude that either (a) you've provided the right password or (b) you've observed TWO obscenely rare events.
You're correct, but what does that have to do with anything I said?
My point was that a PGP password is not like the key to a safe in the sense that a key provides access to existing documents. A PGP password creates a human-readable document. The human-readable document cannot exist without the password. Those documents in the safe exist in human-readable form regardless of whether the key exists.
I don't want to get into a huge cryptography discussion. My point here is that the key/combination/safe analogy to PGP encryption has limits. I think it's important to keep that in mind because there are other data security systems that are in fact closer to a key/safe. Consider the common security step of requiring a password to log in to a user's account on a computer, or to wake from a screensaver. If you don't supply the right password, the OS won't let you access any of the files on the computer. But the files aren't encrypted. If you connect the hard disk to another computer and run it as a slave, or pop open the hard drive and read the bits manually, you'll get the data. That's a better fit for the key/safe analogy - something you could never do with a file that was truly encrypted.
The odds of two cleartexts giving the same cipher text are 2^-(message size) independent of key size.
As far as checksums go, suppose that the book were "keyed" such that the numerical value of each line (a=1 . . .) was printed on the margin next to the line. In that case, it is infinitely improbable that there are two ways of unscrambling the book that lead to every line adding up properly.
That's just plain wrong. The information for the human readable document exists in the ciphertext. It is a trivial matter (mathematically, not computationally) to try every possible key until we find the one* that hashes correctly.
*The odds that there are more than one such cleartext are vanishingly small.
But to do that you need the encryption key. Unlike your safe example, where you don't need the key to prove the existence of the documents (as long as you have safecracking tools), an encrypted document effectively doesn't exist without the key. Absent the key, those bits could mean anything.
Given that we have established that the block of data is ciphertext, everything I said follows.
Given a modern encryption algorithm with a decent key length there isn't enough computing power available on the entire planet to do this in a human lifetime. So I stand by my statement, absent the encryption key, the document effectively doesn't exist.
Sorry for the snark but, as a math person, I am occasionally driven mad by statements that are provably false. It's a personal failing. (PS, you should still read the link in my previous post).
This, I think, is precisely what the 5th is supposed to prevent. If the information the government wants is only in your head, then they can't pry it from you.
A good analogy might be if the government has almost conclusive evidence that a person committed a particular crime but not another crime. They want to get an ID from a witness to the first crime to make their case in the second crime. The witness didn't see the suspect, but heard him say something, only she doesn't remember exactly what he said. She remembers what it meant but not the exact words, the suspect in the second crime remembers the words.
Can they compel him to provide the words he spoke (assuming they are not testimonial) to enable them to do a voice lineup to gather evidence for the second crime?
IMO, all the other analogies and cases fail because they are not seeking something that exists only in the mind of the suspect.
Excellent. I just encrypted my middle initial by assigning a random number between 1 and 100 to each letter. My middle initial encrypts to 52. Please tell me what my middle initial is.
The thing is, by designing the encryption carefully, I can make 'TINY' as big as I want, all the way up to almost 100%.
Look again. The "effectively" was there in my original post.
As a computer person, I am occasionally driven mad by mathematicians who say they can do something but don't bother to include the caveat that I'll have to wait until after the end of the universe to find out the answer. :-)
Orin: I also asked this on the other thread but didn't get a good reply. In short form: (1) is furnishing the (admittedly encrypted) drive Z sufficient to comply with a subpoena for the contents of drive Z ? (2) May the government subpoena documents which only exist in potentia (they can be generated from the contents of drive Z but only by someone who knows a secret) ?
Here's a hypothetical: in popular dramatization of the Al Capone investigation (a tax case), the government obtains his business records. Unfortunately they are written in code so it cannot be proved that he had undeclared income. The government then convinces Capone's accountant to explain the meaning of the code, but this requires an offer of immunity. Why couldn't they simply force Capone himself (or the accountant) to interpret the ledgers?
This case points out the utility of encrypting your whole disk. Truecrypt will do it for Windows machines and PGP sells software that will do it for both Mac and Windows machines. If you go to a country like the UK where they can force you to reveal passwords then use steganography. This will hide the encrypted files inside an innocent looking “container.” Audio files, especially ones using the WAV format, provide excellent containers. Many people carry around large quantities of digital audio and image files on their laptops. Some music CDs have white noise added to the signal amplitudes to overcome aliasing of the amplitude domain. This is similar to using a low pass filter in the time domain. The white noise can be replaced by encrypted material. In short you can make it very difficult for the authorities to invade your privacy.
This is a one-time pad, not keyed encryption. Furthermore, all of this presupposes that we know the method of encryption (or at least the set of possible methods).
(1) Given Moore's law it won't really be that long.
(1b) Problems like this are embarrassingly parallelizable - I'm sure the NSA has a large farm they could get this done in a few months tops.
(1c) Most likely, this guy chose a short alphanumeric password - a fact that will reduce the search considerably.
(1d) Clever application of a rubber hose will reduce the search to O(1).
(2) What matters is that the cleartext exists in principle. Consider a similar (perhaps) situation of a safe loaded with dynamite that will destroy its contents (if same exist) if any wrong combination is entered or any attempt to circumvent the lock is detected (the detector is perfect). Do the documents inside it exist?
(3) I do statistical physics simulations for a living. Believe me, I know what "forever" means when it comes to a computation reaching a termination point.
Analogy denied.
Very good advice.
I wonder if one could argue that, as it exists now, without the password, the defendant can't be charged with possession of child pornography simply because child pornography /doesn't/ exist at the moment.
There are no data on that computer, when read by a conventional program (think MS Paint, Preview, Acrobat) which will reveal imagery of a child in a pornographic situation.
It requires that data somehow be /transformed/ before child pornography exists - could this be akin to how someone might possess the ability to transform a magazine into a kidnapping demand (presuming that possession of that demand is illegal), yet at the moment, that person possesses a magazine, and not the contraband. How can you be prosecuted for that?
The Boucher case concerns a subpoena that compels a physical act that, if done, reveals (let's assume) substantial incriminating information.
A federal GJ subpoena for hand-writing or voice exemplars or blood presents no problem. That is, a subpoena can compel a person to do something, such as give blood.
But these are identifying characteristics (as SCOTUS has put it), so the act of production is not testimonial. Here, though, Boucher's act of entering the password is not an act revealing a mere identifying characteristic. So this line of cases should not apply.
Also, I have to disagree that Fisher (and Doe) are controlling -- or the closest controlling cases.
In Fisher, the Court was dealing with -- and I believe Powell's opinion, in jettisoning Boyd, focused on -- the fact that the subpoenaed documents had been voluntarily created, so no compulsion existed. Once proof of their existence is established, they must be produced.
For me, the important, distinguishing fact is that in Fisher, the government's subpoena/summons sought materials that had already voluntarily been reduced to a form that could be identified independent of any act of its creator -- as in Teeple. (I don't think that whether the created form is called tangible, like a piece of paper, or intangible, like a bit of information on a hard-drive matters.)
But in Boucher, that's not the case. Nothing has been voluntarily reduced to an independently identifiable form.
The subpoena targets information through an act of compulsion that goes beyond mere identifying characteristics. And it seeks information that has never voluntarily been reduced to an independent form that can be secured without Boucher's assistance -- whether or not we know or believe he can assist. At least in Teeple, there existed third-parties who could verify the documents' existence and, crucially, their contents (though perhaps without exactitude). Not the case with Boucher.
Just an argument.
I've debunked this so thoroughly so I'll just say it again, the ciphertext contains the plaintext. Encryption has no meaning whatsoever if there were not a one-to-one mapping between the two!
At this stage, the government isn't asking for Boucher to tell them the password; they're asking him to enter it without telling them what it is.
1. Please explain the distinction between being forced to reveal a password verbally versus being forced to reveal it by typing it in.
1a. Why isn't it safe to assume that by typing it in, the government gets to know it?
2. I would be a lot more comfortable if they just issued a subpoena for the unencrypted contents of drive Z. Why isn't it suspicious that they don't issue this subpoena and instead are issuing password-related subpoenas?
2a. I assume there is a rule that subpoenas must be constructed narrowly. Isn't asking for the password overbroad when what they are after are the files?
Even if we combine Moore's Law and parallelization, the search space is still prohibitively large. It's been nine years since the DES cracker was built and Moore's Law says speeds double every 18 months, so let's assume a current DES cracker would be six times faster. You mentioned a few months, so let's say we want to search the keyspace in 72 days (eight times longer than the DES cracker took). That knocks down the size of the hypothetical NSA server farm to 2^190 specialized computers. This is still an unreasonably large number. To give this some scale, if the entire $2.9 trillion federal budget for one year were allocated to buying computers for the NSA, in order to buy 2^190 computers they would have to cost about .0000000000000000000000000000000000000000001848 cents each.
A dictionary attack is usually the best way to get access to an encrypted file (assuming that the rubber hose isn't an option). However, according to the opinion in this case, the government has tried but without much success: "The only way to get access without the password is to use an automated system which repeatedly guesses passwords. According to the government, the process to unlock drive Z could take years, based on efforts to unlock similarly encrypted files in another case. Despite its best efforts, to date the government has been unable to learn the password to access drive Z." So it seems that Boucher must have chosen a pretty strong password.
I'll have to retreat to the possibility of rubber-hose cryptanalysis which will, the legality of such a technique notwithstanding, produce the cleartext in O(1) time.
The question then seems to be can the government compel Boucher to open the safe for them?
Orin, perhaps you can help out here: If the government served a search warrant on a home, can the government compel the homeowners to open any safes that are found on the premises?
Personally, if it were me, I'd be keeping my mouth shut, regardless because there is no upside. If Boucher does in fact know the password (and let's face it - the encrypted drive is on his laptop. The likelihood that he doesn't know the fact that the drive is on his laptop, the password to it, and what it contains, is vanishingly small).
The two questions that I'd really like to know are:
1) What made the agents suspect that Boucher had child pornography at a land border POE as he's transiting in his car? That's interesting in and of itself.
2) Why on earth did Boucher talk as opposed to clamming up in the first place?
This gets us to the legal point: even if Orin is right, this case makes clear that there is at least some debate about the legality of compelling a person to produce their password. If Boucher hadn't been stupid enough to show the border patrol agents the Z drive, there wouldn't be any foregone conclusion and thus no way for the government to compel production of the password. However, if Boucher had chosen a really complex password and written it down, the government could certainly compel the production of the piece of paper with the password on it just like any other document. If he'd gone with biometrics, let's say, a fingerprint reader, it seems like the government could compel him to produce his fingerprint (indeed, since he's been arrested they have his fingerprints already). Dictionary attacks may not be good enough to break any encryption right now, but I can see the day when they may limit people to encryption methods where the government can compel them to produce the written password or biometric without implicating the Fifth Amendment.
They took the computer into government custody and then made a copy; the original is still in government custody.
Now my serious question: Say the Government has some evidence that someone uses the Internet to run a criminal enterprise. The suspect's computer is lawfully seized.
Scenario 1: A large file with the identifier PGP is found.
Scenario 2: Only random data is found. Of course encryption is immediately suspected.
Scenario 3: It is known that certain e-mails whose text consisted only of random data were received. They were found on the computer still only containing gobbledygook.
Can the password/-phrase be gotten by subpoena?
Steganography may make sense for hiding some contact information or a short message, but it is unsuitable for anything large if the aim is to conceal not only content, but also presence.
I believe the government has said that it will not [try to figure out the password if he types it in]; if it does, that evidence cannot be used.
Is that how the 5th Amendment works generally? "We know we can't legally get you to tell us this info, but tell it to this third party, and we promise we won't listen. It will be inadmissible."
What does it mean to "issue a subpoena for the unencrypted contents of drive Z."? They have the drive in their possession. How is Boucher supposed to comply with a subpoena to hand over evidence the government has taken from him?
That starts to sound like Hubbell, where the prosecution is asking the defendant to help interpret the evidence in order to make it incriminating. If the laptop turns out to be useless, they should give it back to him, and then subpoena the unencrypted contents of drive Z.
1) I do not understand what it means to say the 5th Amendment "generally" works like something. Fifth Amendment cases arise in many contexts; I do not think there is a "general" working.
2) I do not understand why you think the argument sounds like Hubbell. Boucher is not being asked to "interpret" his child pornography; the only "interpretation" in Hubbell was the identification of which of Hubbell's files were incriminating, and Boucher isn't being ordered to do that.
In fact, suppose that the perp here had been a serial killer and his computer has an encrypted word document that is a list of the locations where his victims are buried. To give the encryption key is to give the burial locations. In this case, to give the key is to give the images ... and thus self incrimination. At least so it seems to this layman!
I also think it is incorrect to dismiss the argument that an encrypted image file is not an image file until the decryption software (with key) acts upon it. Were it so simple as the file being contained within the encrypted file but for a few bytes of chaff added-in, encryption would be no protection at all and the prosecution would simply take the file and strip the chaff.
CDU's explanation above is why the US Gov't goes bonkers over the export of encryption technology, because even if they intercept a message that they KNOW reveals the details of a terrorist plot, (barring a stroke of luck far less likely than hitting 5 consecutive Lotto drawings) the plotters will have been dead for centuries before they get it decoded.
“Steganography may make sense for hiding some contact information or a short message, but it is unsuitable for anything large if the aim is to conceal not only content, but also presence.”
You don’t detect steganography by looking for a file that’s “too big.” The message bits are generally substituted for the container bits. In a 16-bit WAV audio file, the least significant bit is virtually random. A four-minute WAV file gives you the capacity (assuming 40 kHz sampling) of putting in 1.2 MB of information—enough for a JPEG image. Of course audio files are generally compressed which changes things. Nevertheless a WAV file is certainly a legitimate enough file to have.
As I wrote above: What if a defendant knows the names and phone numbers of some key witnesses to a crime, and the government wants to talk to those witnesses but doesn't know who they are. Can the government put the defendant in a room with a telephone, and force him to dial up the witnesses and put the government agents on the line (without revealing the actual phone numbers to the government)? That seems almost exactly analogous to what's going on here.
The general structure of the situation seems to be this: There's a certain piece of information that could be used to help the government's investigation. Instead of forcing the defendant to testify to the information, the government forces the defendant himself to put the information to use in such a way as to further the government's investigation.
It seems crucial to this scenario that the government's epistemological route to the ultimate evidence against the defendant (in this case, the child porn) goes through the actual content of the defendant's mental knowledge. It's not the fact that the defendant knows the password, but the password itself, that unlocks the drive. Sure, the government won't learn the actual password, but they're gaining information that they can get to only through the content of the password.
The difficulty with your proposed hypothetical is that it seems to ignore the facts supporting the application of the "foregone conclusion" exception. This entire post is about that topic, and the relevance of the fact that we know Boucher knows the password. The whole case rises or falls on that question. Your hypothetical changes the facts by taking away our knowledge that the target knows the numbers; given that, I'm not sure what it is supposed to prove. And more broadly, there are no cases on your hypo, so I don't know how it can establish your point.
While I realize you're mostly interested in the foregone conclusion element here, I was wondering what the legal standing would be like if it wasn't present. If the government had found indications of child porn on Boucher's computer, but he hadn't shown them the contents of drive Z, am I right in concluding that mere suspicion that it contained child porn would not be enough to compel him to produce the password?
Is there caselaw to support your contention that it is ok to compel a person to disclose information which all parties agree is protected by the Fifth Amendment, so long as the information is disclosed only to a third party, and the government disavows any interest, and indeed guarantees that should they find the information out from the third party, it will be inadmissible?
If the government had no evidence that he knew the password, the Fifth Amendment would block any effort to compel him to enter it (whether with reas susp, pc, or something else).
Randal,
I'm not exactly sure what your reframed question means, but as literally posed, I can't think of any cases on either side.
I'm trying to know whether there's precedent for compelling a person to disclose information that is protected by the Fifth Amendment simply by attempting to limit to whom the information is disclosed and/or by stipulating that the disclosed information itself would be inadmissible (other than via an immunity grant).
Isn't ownership, use and control of the computer evidence enough that the user is in possession of a password? Where is the threshold that creates this evidence?
Not necessarily. There are password management programs that allow you to generate arbitrarily strong random passwords and store them in an encrypted database. If a criminal were savvy enough to use such a program he wouldn't need to know the password himself, just the password to get the password. And if he were especially smart, he'd keep the database on a flash drive separate from the hard drive holding the encrypted files -- destroy the flash drive and the encrypted files are irretrievable.
Good point. Now is he guilty of obstruction of justice?
I'm probably way off base, but my understanding of obstruction of justice is that it only applies to hindering the investigation of a 3rd party, i.e., you would be obstructing justice if you weren't necessarily the target of an investigation, but you provided false information or destroyed evidence relating to the investigation of a 3rd party.
Actually, I disagree. I think this would be better phrased as "potential control". As a practical matter, shared passwords are common in IT environments (not good practice, but common). For instance, were I inclined, I could place illegal documents in the home directory of several hundreds (perhaps thousands, I haven't counted) of people, modify the ownership, timestamps, and logging systems to erase my tracks, and unless one of the people who also has root on those machines actively noticed, there would be no reason to suspect I did so. (Of course, ignoring other potential evidence.)
Given that I have the capability to do so, I would hate to be liable for whatever those people are storing, and I truly hope that this doesn't become the standard. Given that I don't even know what all sorts of files I have access to (and this is an operational ethics issue - you don't read your users' mail, modulo a court order or a demand from management, and only then after talking to counsel), this is the sort of thing that keeps thoughtful sysadmins up at night.
And I thought I got away from that sort of thing by going into software. Turns out, I have more access than I did before. Sigh.
It's like the govmnt suspects a person of foul play, and if they don't lead the police to where the bodies are buried, they charge him with contempt.
That, I think, is a good example of a bad technical argument. I can easily set up an infinite* field of references (pointers) to data that may or may not exist on most any modern operating system. At which point the pointer of interest amounts to... a password, leading to the same problem.
*Or at least larger than the number of atoms in the universe.
For example. I set up an alias file "myData", and point it to "Z:\f1\f2\myDataV1.txt". Later on, I actually create the V1 file. Later still, I update V1 to V2. I then go back to the alias file, and change the path to "...\myDataV2.pdf". Why would I do that? Because I put the alias file on my desktop, which is much easier to navigate to, instead of traversing a bunch of folders. And the desktop alias file I intend to embed its path in all my other applications. Thus I am free to modify my data directory structures as needed, and only update the data path in one place.
We don't create alias files to hide data, but to simplify its maintenance. I don't think your scenario applies. Your scenario sounds like security through manufactured obscurity, which isn't.
I claim it's still not a foregone conclusion. In Fisher, the accountant directly testified as to the existence and contents of the documents. However, directory and file names are chosen by the user to help them remember where they put the data they are looking for. They are memory aids, which don't necessarily correspond to actual contents.
You can subpoena documents/items/handwriting you know to exist, and force the defendant to deliver them, but you cannot force the defendant to supply information that exists (as far as the prosecution knows) ONLY in the head of the defendant.
If that is true, then there might be two cases with the hard drive: 1) a password that just gives access to the hard drive; 2) a password that unencrypts the documents there.
The first would be like asking a defendant to unlock a safe that would take a long time to open.
The second would be like asking a defendant to interpret a code that only he knew (are all the letters shifted by one, or two) because the defendant went to the effort to make all the documents unintelligible.
The second I believe would be protected by the 5th Amendment. Since the defendant went through the effort to make the information unintelligible, it would be like finding a note that said "the X is buried at Y" and asking the defendant "Does X mean body?". That testimony cannot be compelled.
I am not sure what the law is in the first (combination lock) case. My guess is that it would be protected by the 5th, but I am not sure. This case must have some existing case law. Can a court compel someone to unlock a locked door or safe?
Just my engineering opinion BTW, not a legal one.
The laptop I'm currently typing this on contains, according to the Finder, about 400K files. Some of them are disc images, some of those encrypted (including my home directory). Those, in turn, can and do host many more files. At least one of them nests, and hosts other disc images. It also contains pointers to a detachable drive, which contains, amongst other things, backup data, again in a disc image format. Access to that backup info is encrypted.
(No, I'm not paranoid, it is just that I sometimes handle data that is sensitive, and it is easier to do it this way. But preferably, everyone would be this careful. I hate the "if you have nothing to hide..." argument.)
Additionally, there's another home directory that's encrypted, to which I do have access (in that I have the passwords to it), but have never looked at.
Please explain to me what I can be compelled to implicitly claim ownership and control of.
As to my example, if 0x21fd872b contains incriminating evidence, and the space is sufficiently filled with plausible garbage, how do you consider the address different than a password? And how is a 'virtual' address like this different than the location of where the bodies are buried?
I don't see why that matters. They need it. He has it. It's in his head. End of story.
For yet another analogy, imagine if I'm charged with murdering someone. My defense is that it was accidental. They don't know where the body is. Clearly, I know where the body is.
Can they compel me to either tell them where the body is or take their blindfolded expert to it, let him pick up the body, and return with the body?
Assume they just want evidence from the body and don't care where it is. Where the body is exists only in my head.
As I said, the whole point of the 5th is to render the contents of the suspect's head off-limits to the prosecution.
I would argue this also applies to FMRI or EEG "lie detector" tests. You simply cannot compel a suspect to reveal the contents of his head.