Forgot your password?
typodupeerror
Crime Encryption Privacy The Courts Your Rights Online

US Appeals Court Upholds Suspect's Right To Refuse Decryption 358

Posted by Soulskill
from the still-vulnerable-to-$5-wrench-decryption dept.
An anonymous reader writes "The U.S. 11th Circuit Court of Appeals has found that forcing a suspect to decrypt his hard drive when the government did not already know what it contained would violate his 5th Amendment rights. According to Orin Kerr of the Volohk Conspiracy, 'the court's analysis (PDF) isn't inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion.'"
This discussion has been archived. No new comments can be posted.

US Appeals Court Upholds Suspect's Right To Refuse Decryption

Comments Filter:
  • by Anonymous Coward on Friday February 24, 2012 @09:58AM (#39146555)

    Why only if the government doesn't already know what it contains? Does that mean that they can force you when they already know what it contains?

    That doesn't make sense to me.

    • by Anonymous Coward on Friday February 24, 2012 @10:05AM (#39146613)

      Yes. If the government knows your have child porn on your computer, then they can get a warrant to force decryption.

      It's EXACTLY the same thing if they know you have a dead body in your garage they can get a warrant to force you to unlock the garage.

      • by AGMW (594303) on Friday February 24, 2012 @10:11AM (#39146705) Homepage

        Yes. If the government knows your have child porn on your computer, then they can get a warrant to force decryption.

        If they know, that implies they can prove it, and if they can prove it they don't need to decrypt it!

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          To use the GP's analogy, if your garage smells like rotting corpse, a judge will issue a warrant forcing you to unlock your garage door. That does not imply the police (or judge) knows you've been summoning Cthulhu.

          Similarly, if your name/handle/URLID comes up in a money laundering probe*, that might be probable cause to force decryption even if it hasn't been proven that you've been using that particular drive. In any sane jurisdiction, any evidence uncovered during such a probe can not be used to file unr

          • by Anonymous Coward on Friday February 24, 2012 @11:30AM (#39147781)

            To use the GP's analogy, if your garage smells like rotting corpse, a judge will issue a warrant forcing you to unlock your garage door.

            No, the judge will issue a warrant allowing the police to break in if you don't unlock the door - an important distinction. Despite the warrant, If you can't find the key to the garage door, no judge would throw you in jail for that.

            • by MozeeToby (1163751) on Friday February 24, 2012 @02:13PM (#39150179)

              Imagine that instead of a garage is a 10,000 lb, ultra high security safe. The kind where opening it by force is more than likely to destroy the contents. They will absolutely subpoena you for the combination to that safe and will absolutely hold you in contempt if you refuse to give it or if you claim that you can't remember it. Especially if they have evidence that you opened the safe on a regular basis (which is the kind of thing a good computer forensics team might be able to show).

        • by obijuanvaldez (924118) on Friday February 24, 2012 @10:38AM (#39147079)
          An excellent point, but not relevant here. However, in the United States, searches can be with a warrant issued "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Allegations can be supported by Oath, e.g. several friends and family members say they saw child porn on your laptop. Allegations can be supported by affirmation, e.g. they set up a sting operation whereby they do, in fact, know that at one time a computer in your house had downloaded child porn. But being very certain that it was downloaded onto a machine in the house just isn't the same as knowing on what machine and by whom. It also isn't the same thing as knowing it is still there. Finally, the burden of proof you mention isn't required until any subsequent trial.
        • Re: (Score:3, Insightful)

          by DarkOx (621550)

          That depends on how specific you need to be.

          We "know" you have money hidden in that off shore account. We know you have your pgp private key on your hard disk. We need you decrypt the hard disk so we can decrypt the message from the bank we intercepted using the pgp key.

          They know the key is there, they don't know what the key is; so yes they need you to decrypt it. I think this is actually a pretty reasonable ruling. It treats an encrypted hard disk just like we treat a safe in the physical world.

          The go

          • by Hatta (162192) on Friday February 24, 2012 @10:56AM (#39147373) Journal

            Except that an encrypted hard disk is not just like a safe in the physical world.

            • by DarkOx (621550) on Friday February 24, 2012 @11:11AM (#39147559) Journal

              How is different? Really explain that one to me!

              *Its a storage unit for information; lots of people use safe's for that
              *Its designed to keep others not its owner out, exactly what the encryption is doing
              *It needs a key or combination to open it; you need a key to decrypt

              They seem pretty damn similar to me. The Constitutions spells out my rights to "personal papers and effects". I am normally a pretty strict constructionist but I think its reasonable to character as a persons electronic documents as "papers" or if you don't want to do that than as "effects" and I really do think the same rules for how an when the government may take possession of them should be applied!

              • by Anonymous Coward on Friday February 24, 2012 @11:50AM (#39148033)

                Posting AC, but there's one simple difference:

                With a safe, if it's locked, the contents still exist.

                If I encrypt a disk, the original data quite literally no longer exists. The encrypted disk is not a "container" for my data -- it is a completely different set of data.

                The original data can only be recreated on cue if I supply my encryption passphrase. Therefore, by supplying the passphrase I am creating or assisting in the creation of evidence against me. I'm pretty sure the Fifth Amendment has something to say about being forced to do that.

                • by preaction (1526109) on Friday February 24, 2012 @12:34PM (#39148655)

                  That's splitting a technical (or technological) hair. Encryption cannot be a perfect safety net with which to break the law with impunity, so I accept this court's compromise. Remember what the lower courts wanted: Your encrypted data is theirs and they will use it all to prosecute you for everything.

                  • That is what lawyers are for - splitting hairs. If it weren't for hair splitting, we wouldn't have any more than ten or fifteen percent of the lawyers who are milking us today.

                • by izomiac (815208) on Friday February 24, 2012 @03:16PM (#39150987) Homepage

                  With a safe, if it's locked, the contents still exist.

                  And that is why I always place my important documents in a locked safe with a tiny radiation source and a Geiger counter. If the Geiger counter detects radiation, then a thermite charge is activated. Due to my poor understanding of a 77 year old reductio ad absurdum of the Copenhagen interpretation, my documents neither exist nor don't exist! And I surely cannot be compelled to collapse the waveform by a court of law, the constitution gives them no power over quantum physics.

              • by demonlapin (527802) on Friday February 24, 2012 @11:50AM (#39148035) Homepage Journal
                As I understand it, the primary distinction is that giving the government the key to a locked door in your home can be compelled, because it's a locked door in your home - it's entirely reasonable to expect you to have control of that door. But forcing you to give the government the combination to a safe is forcing your testimony, as it's only in your mind, not a physical object, and thus can't be required. (The law rapidly becomes murky as hell to me once you get beyond these statements, and IANAL, so I won't say more.)
                • Re: (Score:3, Insightful)

                  by sohmc (595388)

                  There are two problems with this analogy: Doors can be picked and destroyed. Picking a lock or destroying a door would not destroy the evidence/property that the door was protecting.

                  A better -- but still not perfect -- analogy is a safe (as another user pointed out earlier). Assume a perfectly unbreakable safe, the government would need you to provide the combination to the safe in order to gain access to the documents. IANAL, but telling the government a combination is generally not something that they c

                  • by rahvin112 (446269) on Friday February 24, 2012 @01:07PM (#39149155)

                    You and others are dancing around trying to poke holes in the 5th amendment. The spirit of the 5th amendment is to prevent the government from compelling you to help them prosecute you. The founders talked extensively about how it was immoral to require someone to help the government put them in jail. Providing encryption keys is helping the government prosecute you. In fact I'd argue the combination or key to a safe does exactly the same thing and the court rulings that allow the government to compel cooperation in opening safes also violates the spirit of the 5th.

                    This is only an issue because Judges go out of their way to violate the constitution when they think it should. As a result there is a case history in the US that providing the key or combination to a safe doesn't violate the 5th. Those rulings completely violate the spirit of the 5th even though they found weasel logic to get around a fixed interpretation of the words of the 5th. Just because this stupidity exists in case law isn't justification to piss on the 5th some more with a similar ruling on encryption.

                    • by blueg3 (192743) on Friday February 24, 2012 @04:27PM (#39151881)

                      The spirit of the 5th amendment is to prevent the government from compelling you to help them prosecute you.

                      This is where you and many Constitutional scholars disagree. The spirit of the 5th Amendment is to prevent you from having to give actual testimony against yourself. Prior to this, people were often forced to confess and to bear witness against themselves in court.

                      There are well-established legal situations in which you do, in fact, have to help the government prosecute you, in the broad sense. If they subpoena information, you are legally required to provide it, even if it's damning evidence.

                      The founders talked extensively about how it was immoral to require someone to help the government put them in jail.

                      Out of curiosity, where?

                  • by Reverand Dave (1959652) on Friday February 24, 2012 @01:11PM (#39149213)

                    All cynicism aside, we as a People need to find a way to allow the government to prosecute real criminals but also protect John Q. Citizen.

                    In all seriousness, as soon as the government starts making a distinction between real criminals and John Q. Citizen we can start letting our guards down on this but until then we should always err on the side of less power and intrusion.

              • by Anonymous Coward on Friday February 24, 2012 @11:54AM (#39148083)

                The one major difference I can think of is that decryption requires a transformation of the data. By decrypting the data you've demonstrated the knowledge of how to perform that transformation. Opening a safe does not require transforming data, simply allowing physical access to it. If you had hard copy encrypted, obfuscated, or ciphered data within your safe, would the court be able to compel you to decrypt that?

              • by EllisDees (268037) on Friday February 24, 2012 @12:09PM (#39148277)

                It's different because you can also think of encryption like a secret language that only you can decipher. If you wrote down all of your incriminating information in this secret language, there is no way the government could compel you to translate it for them since doing so would incriminate you. Sure, we can make analogies all day, but when we come right down to it, an encrypted document is a lot more like a secret language than a safe.

              • by the eric conspiracy (20178) on Friday February 24, 2012 @12:13PM (#39148351)

                The reason is that any safe can be physically forced. This makes access inevitable. The combination only prevents property damage.

                That is not the case with electronic encryption.

                • by RandCraw (1047302)

                  Actually, breaking into a strong safe exactly like breaking strong encryption. Both will require greater-than-average expenditures of time and money to crack, but given enough resources, both are possible.

                  If the state chooses not to expend the resources, that doesn't change the role of the defendant. It only makes it more likely that the prosecutors will whine to the judge about the unfairness of it all, and the judge will then throw the defendant's ass in jail until s/he capitulates and opens up the safe

              • by StikyPad (445176) on Friday February 24, 2012 @12:13PM (#39148353) Homepage

                What if your safe contains a piece of paper with what appear to be random markings. Does the government have the right to assert that you "decode" the paper? What if it really *is* random markings?

                A safe either contains something, or it does not, and that can be rather easily verified by looking at the contents. The same cannot be said for either the paper described above, or for a hard drive filled with noise and/or encrypted data.

              • by shentino (1139071)

                Unlike a real physical safe, though, you can't crack it with brute force.

                If you lose the key to a real safe, you can always get a locksmith to pick the lock, and as a last resort, good old oxy acetylene cutting torches can open it.

                Which is exactly what happens when the owner "loses" the key.

                No such analog exists with encryption.

              • by Jessified (1150003) on Friday February 24, 2012 @01:00PM (#39149053)

                The key is in your mind, and you have to make words to give it to others. It's not entirely the same.

                But let's assume you can be compelled, whether they know what's in the container or not. I have been trying to think about ways to get around this. From an academic point of view of course :P

                What if the pass key itself was incriminating (i.e. "I killed a guy in 1994 and his body is under the bridge.")? Could you plead the 5th? Might be a bit of a risk. (I mean...killing is bad.)

                Truecrypt allows the plausible deniability with the drive in a drive. Give them the wrong code and it opens a second container with something more innocuous in it. For those who are actually afraid of giving in (to torture? desperation?) the under duress password could have the function of changing the real password to 500 random characters, thereby making it permanently inaccessible to anyone.

                Another idea is to have a daily or weekly maintenance password. That is, you are required to type in a password once a day or once a week, and if you don't, the passkey changes to some random 500 characters and is permanently inaccessible. If your stuff is seized or you are arrested, all you have to do is sit back and relax. While I am sure it would be a problem for you to go around actively destroying evidence, I'm curious to see if you get in trouble for this. First of all, you aren't destroying evidence per se, rather it is being rendered inaccessible (automatically I might add). Second, while you can't actively destroy evidence, can you get in trouble for not actively preserving it for the authorities?

              • Very similar. Very very similar. But, even very, very, very, VERY similar is not "exactly the same".

                The cops can get a plasma torch to get into my safe if all other methods of gaining entry fail. I don't HAVE to open it for them.

                Let the cops use a plasma torch on my hard drive then. As you say, it's "exactly the same".

                Alright, I'll clue you in here. The encrypted hard drive is an extension of my mind. Only my mind can unlock it. My mind is not subject to search. The cops can question me, but I don't

          • by rickb928 (945187) on Friday February 24, 2012 @11:19AM (#39147643) Homepage Journal

            I don't agree, first because we can no longer reasonably assume the government is always truthful in its allegations and statements.

            I know that legally the government enjoys the presumption of trust, but this is as close to self-incrimination as it can get.

            It also doesn't answer the question of what happens if, during their examination of the decrypted drive, they 'discover' other information that could lead to other charges. At least in the example of the rotting smell from the garage, if it turns out to be your dog, do they have the right to dig up the foundation to try and find a human body also? Or would the goverment then have to ask for a new warrant? In the cse of data, would they be compelled to ask for a new warrant it they 'happen' to notice evidence of unrelated crimes.

            Actually the real question for me is still a Fifth Amendment one. If they drag you into court and ask you about the rotting corpose in the garage, you can still sit there mute and refuse to answer, and there may be penalties for that, but you cannot so easily be compelled to incriminate yourself.

            Decrypting your data is a different thing, and it is virtually impossible for the government to claim they can look ONLY for the data they seek, and ignore all else. It's another thing to say they are looking in the garage for a corpse, and be able to avoid looking in the trunk of car parked on the street, despite walking by it repeatedly as they swarm over the garage.

            Sorry, but I think we need much more protections. My phone has enough information on it to give law enforcement access to things they should need more than one warrant for, and discovery they should not be able to make while searching for something else.

            • by rilian4 (591569) on Friday February 24, 2012 @12:08PM (#39148261) Journal

              I don't agree, first because we can no longer reasonably assume the government is always truthful in its allegations and statements.

              The constitution was written because the founders assumed government could not be trusted with power. This is why government must *prove* a case against a free citizen beyond reasonable doubt. You assume the government is wrong until they prove otherwise. If you ever assume government is right, you're in trouble.

        • They may be able to prove you viewed child porn, by having used a honey pot, and tracking your IP address/etc.. That is enough to get a warrant to search your computer for evidence of wrongdoing, where they will find the proof that it was actually you. If all they have is logs from a honey pot, then you can still argue that you have an open wifi and it was a drive-by hacker who committed the crime.

          In other words, they may not know the exact content of your hard drive, but they may know enough to get a warra

          • by sohmc (595388) on Friday February 24, 2012 @12:21PM (#39148471) Journal

            The only thing a honey pot would prove is that your computer accessed child porn. Proving you viewed it is different.

            There was a case (specifics escape me) where some guy hacked a wi-fi network and made it look like his neighbor was viewing child porn and making threats to political officials. The police originally had the same mentality: your computer, and therefore you, view child porn. Only after his company conducted their own investigation did they prove that he didn't. Note that I said company, not the police.

            With Trojans, worms, and other malware, I would think this is an area that needs legal work: proving that an actual person accessed something illegal and not just a computer attached to an IP address.

        • by dbet (1607261)
          No, they don't need solid proof, only evidence. An officer saying "I saw it before the shut off the computer" is evidence. If that convinces a judge, he gets a warrant.

          Of course, this does very little in the way of actually forcing you to do anything. If you don't open your door for a warrant, the police can break it down. If you "forget" your password, I have no idea what will happen.
      • by Svartalf (2997)

        They have to know it specifically enough to get a warrant. Just "he has child porn on the drive" is insufficient.

      • Some locks simply does not have keys. They may try to force me but they will be unsuccessful.
      • by rilian4 (591569) on Friday February 24, 2012 @12:00PM (#39148171) Journal

        It's EXACTLY the same thing if they know you have a dead body in your garage they can get a warrant to force you to unlock the garage.

        No it isn't. To continue your analogy of a dead body, they can get a warrant that allows them to search your garage. If you don't open it for them, they then can break in and conduct their search. To apply this to the laptop scenario, the government indeed had a search warrant for the laptop and it was turned over by the defendant. She, in no way, can be compelled to unlock it or do anything else to it but in retrospect, the government would have the right to break into it. In trying to force the defendant to open it, the government has stated that they can't or won't break into it for fear of damaging possible evidence. That's their problem, not the defendant's problem.

        [IANAL] I agree w/ the appeals court's decision here. Forcing the defendant to unlock and/or decrypt her laptop would be forcing her to provide evidence against herself thus violating her 5th amendment rights.

    • by Anonymous Coward on Friday February 24, 2012 @10:05AM (#39146617)

      The EFF Covers things pretty well.

      http://www.youtube.com/watch?v=gohLZVAJAiI

      Watch that.

    • by uganson (1173241) on Friday February 24, 2012 @10:06AM (#39146631)

      So the government just have to say: we know that you harddrive contains X, and they force you to decrypt it.

      Of course, when it is decrypted and it turns out that it didn't contain X, they will just say... sorry!

      • by Anonymous Coward on Friday February 24, 2012 @10:10AM (#39146695)

        So the government just have to say: we know that you harddrive contains X, and they force you to decrypt it.

        Of course, when it is decrypted and it turns out that it didn't contain X, they will just say... sorry!

        Hogwash. No way they're going to say sorry.

      • by Kjella (173770) on Friday February 24, 2012 @10:20AM (#39146827) Homepage

        They can't just "say it". The other case was quite exceptional, the suspect did voluntarily show the decrypted disc to the customs officer, the customs officer found kiddie porn but as the laptop was powered down it wouldn't open again without a password. So they had proof he could access it, testimony that they'd actually observed it and a chain of evidence that the contents had not changed since then. That's a whole different level of knowing than just "knowing" they're involved in something illegal.

        • Also, you have a much lower (nonexistent?) expectation of privacy when crossing the border than you do otherwise.

        • by Coopjust (872796)
          Also in Boucher's case they were able to get specific, and in Boucher's case, he only used a container, so files with names suggesting CP were there, and the defendant voluntarily decrypted them so they could be viewed.

          The ICE agent examined the computer and saw a file labeled “2yo getting raped during diaper change,” but was unable to open it. After the suspect navigated to the encrypted portion of the hard drive, the ICE agent located and examined several videos or images that appeared to be c

      • by The Moof (859402)
        In theory, this is why warrants exist. They would need to get a warrant to force that decryption. That means they must convince a judge that there's reasonable suspicion they will find exactly what they're searching for. It's similar to how police can't come force themselves in my door, tell me there's a body in my house, and go looking for evidence of anything illegal.

        However, given how the whole civil rights thing has been going these days, the warrants may just turn into a rubber-stamp process, and
        • by Lumpy (12016) on Friday February 24, 2012 @10:31AM (#39146985) Homepage

          Sounds great, I'll support that as soon as they put a penalty for the law enforcement being wrong.

          This is the problem, they CAN go on fishing expeditions without any recourse. They can smash down a door and kill the family dog on accident and the family does not get all damages covered, they get told "sucks to be you"

          As soon as I get to sue the Cops that did the deed and the city department for all damages and legal costs I'll support that warrants are legitimate.

    • by firex726 (1188453)

      I think it's that whether or not that they know there is or is not incriminating evidence on the drive. Not that they know the exact contents.

      Perhaps something like "I have incriminating evidence on this drive, therefore I will not decrypt it" vs. "I don't know what may or may not incriminate me on this drive, thus I will not decrypt it".

    • by Nidi62 (1525137)

      Why only if the government doesn't already know what it contains? Does that mean that they can force you when they already know what it contains?

      That doesn't make sense to me.

      I think the point of the ruling is to avoid fishing expeditions. If the authorities have probable cause or a reason to believe there is information relevant to an investigation on your hard drive, then a warrant would allow them to compel you to decrypt it. But they can't just force you to decrypt a hard drive without any evidence of a crime having been committed.

      • by Kjella (173770) on Friday February 24, 2012 @10:57AM (#39147393) Homepage

        Actually this is a double smackdown. They hold that

        1) The act of decrypting would be testimonial in proving your control over the encrypted container.
        2) Even if the decryption wasn't testimonial, compelling you to produce a part of the chain of evidence is also prohibited by the 5th amendment.

        This is pretty much a full victory that your encrypted contents are immune from warrants, expect new keylogger laws shortly though... And it still needs to stand in the US Supreme Court before it applies to the whole US, but the ruling seems sound.

    • Same as with any search warrant, they have to establish probable cause to search or seize property. If they don't know what it contains, then they don't have probable cause to search it.
    • The only case I am aware of that could be a precedent for this was the man who showed a border guard the child pornography on his laptop, but the guard shut down the laptop without first making a copy of the hard drive. That defendant was forced to decrypt the laptop; I disagree with that ruling, I think that if the government screws up like that then it should not be the defendant's job to fix their mistake, but the courts disagree with me.
  • If you're absolutely certain what's in the encrypted archive, you don't need the encryption key at all.

    • by Xylaan (795464)
      I think that if they had other evidence that there were encrypted incriminating evidence, such as an email to a third party referring to them, they might have had better luck.
      • by Hatta (162192) on Friday February 24, 2012 @10:49AM (#39147261) Journal

        I'm aware of that. It's a really bad decision. If the officer's testimony that the documents existed was sufficient to prove that the documents existed, the jury should be satisfied without seeing the documents. If the testimony of the officers was insufficient to convince the jury that the documents existed, then there is no foregone conclusion at all.

        The decision is facially nonsensical. The judge fails not just at applying the constitution, but basic logic.

        • by bws111 (1216812)

          The judge does not fail at either constitutional law or logic. You, however, most definitely do.

          The judge is issuing a warrant based on the officers testimony that there is good reason to believe evidence will be found. Said evidence (not the officers belief), if found, will then be used at trial.

          The jury is looking at the actual evidence, not the officers belief.

          Your idiotic 'logic' would imply that either a) actual evidence is not required at a trial, just officers testimony, or b) that the judge wo

  • by backslashdot (95548) on Friday February 24, 2012 @10:06AM (#39146627)

    Seriously, cause my own memory really sucks, it would be nice if i could make myself remember things. How do i waterboard myself?

  • by omega6 (1072658) on Friday February 24, 2012 @10:06AM (#39146629)
    /. Headline: US Appeals Court Upholds Suspect's Right To Refuse Decryption Linked Headline: Ruling Stands: Defendant Must Decrypt Laptop
    • by Anonymous Coward on Friday February 24, 2012 @10:23AM (#39146867)

      I think they just linked the articles confusingly.
      The first link is the 2nd Circuit Court of Appeals on Fricosu, which is a different case still ongoing.
      The second link is the 11th Circuit Court of Appeals for another case where they now decided that forcing him to decrypt his hard drive would violate his 5th Amendment rights.

  • by rebelwarlock (1319465) on Friday February 24, 2012 @10:07AM (#39146641)
    Let's say, hypothetically, John Doe gets brought up on child pornography possession charges. He has one computer in his home, and the cops are reasonably sure that said porn was accessed and stored at that physical location only. They order him to decrypt his hard drive, because they know it has evidence of his illegal porn habits. He replies, "No it doesn't. It has other stuff. Stuff you don't know about. You can't see it."

    Now, they could say that they know for certain that he's a lying sack of crap and force him to decrypt it anyway. No child porn evidence, but he's be embezzling from his company, according to what they find. Now what?
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Let's say, hypothetically, John Doe gets brought up on child pornography possession charges. He has one computer in his home, and the cops are reasonably sure that said porn was accessed and stored at that physical location only. They order him to decrypt his hard drive, because they know it has evidence of his illegal porn habits. He replies, "No it doesn't. It has other stuff. Stuff you don't know about. You can't see it." Now, they could say that they know for certain that he's a lying sack of crap and force him to decrypt it anyway. No child porn evidence, but he's be embezzling from his company, according to what they find. Now what?

      Fruit of the poisonous tree, that evidence would be inadmissible.

      This is first year law school stuff...

    • by Joehonkie (665142)
      Duh, that's when you plant the child porn on his computer and proceed as planned to avoid embarrassment.
    • by betterunixthanunix (980855) on Friday February 24, 2012 @10:19AM (#39146811)
      Except that the cops believing someone is guilty is not the same as the cops actually knowing that a hard drive contains evidence. If all we cared about was whether or not the cops believed someone to be guilty, we would not even bother holding trials.
      • by Hatta (162192)

        We can't tell the difference between the cops "knowing" and the cops "believing". All we really know is that the cops asserted something. If they want us to believe it, it's their burden to produce proof. Forcing someone to provide incriminating testimony on the word of the police is blatantly unconstitutional.

    • by elrous0 (869638) *

      That's the kind of scenario the 4th Amendment was intended to address. Unfortunately, the Constitution has become toilet paper when it comes to digital possessions and effects. And the Supreme Court, being a bunch of ancient farts (and a *conservative* bunch of ancient farts at that), has had its thumb implanted up its ass on the whole issue of anything related to "one of them new-fangled computing boxes" for a long time now.

      Theoretically, in the non-digital world, the cops would have to have a warrant to s

  • Two words: thumb drive.

  • by Xylaan (795464) on Friday February 24, 2012 @10:08AM (#39146663)
    The first link is to a completely different case. Similar story, except that one ruled that the defendant must decrypt their laptop and was heard by the 2nd Circuit. The second link refers to the 11lth Circuit case.
    • Breaking News! The editors of Slashdot still haven't figured out how links should work. Often, the hyperlink text has nothing to do with the linked article, or is at best hard to figure out.
      • Oh rubbish! There is an excellent description of the "behind the scenes" technical detail that goes into /. editorial management here [blogspot.com].

    • Correct. The 1st link she has to decrypt it because the trial judge ordered her to do so, and the appellate judge ruled against her because she hadn't actually been convicted of anything. Which I agree with. I'm sure in light of the 2nd link, she might win the appeal though, which is what I think should have happened in the 1st place.

  • by mcwop (31034) on Friday February 24, 2012 @10:14AM (#39146753) Homepage
    You have the right to remain silent. You have the right to remain encrypted. Anything you say, do, or decrypt can and will be held against you in a court of law. You have the right to speak to an attorney. If you cannot afford an attorney, one will be appointed for you. Do you understand these rights as they have been read to you?
  • Would that mean an unappealable life sentence?

  • by JSBiff (87824) on Friday February 24, 2012 @10:31AM (#39146979) Journal

    It seems to me that the courts generally frown on "unenforceable laws". In this case, if the government can't decrypt your hard drive without your cooperation, they can't really "force" you to reveal it. They could try to torture you for it, but that's, at least presently, illegal. They could throw you in jail, but if you know that the penalty for refusing to cooperate is less than the penalty for whatever crime your data might provide proof of, then the rational thing is just to take the penalty for refusing to cooperate.

    So, fundamentally, unenforceable.

    • by betterunixthanunix (980855) on Friday February 24, 2012 @10:40AM (#39147135)

      They could throw you in jail, but if you know that the penalty for refusing to cooperate is less than the penalty for whatever crime your data might provide proof of

      You might not know that. The current record for longest time served for contempt of court is H. Beatty Chadwick, who spent 14 years in prison for failing to surrender money his wife claimed he was hiding during a divorce case. He could not have been imprisoned at all had he "cooperated," which in this case meant producing money that he did not have. Now, suppose you are accused of possession of child pornography, and you refuse to decrypt; if convicted, you might spend 5 years in prison, but you might be held indefinitely for failing to decrypt -- it is up to a judge to decide whether or not you have been held long enough. How do you even make a decision in that situation?

      Now, deniable encryption systems might help somewhat in these cases, because in the United States the prosecution would have to prove that there is a second secret key that you failed to produce, which in a good system should be a hard thing to prove. Unfortunately, this could also mean being held in contempt if the police claim that they saw incriminating evidence on your computer, so clearly the passphrase you provided is not the one they are looking for.

      • I was quite curious about the Beatty Chadwick case, so I looked it up. Actually, while the headlines say he had to produce the money, that isn't quite true : he also would refuse to sign documents needed to actually investigate where the money was. Had he cooperated with the effort to find the money, and no funds could be found, he would have been released much sooner or not jailed at all. Most likely, he does have access to the money somehow, and he felt that giving up his life's fortune of severald mil

      • by Kjella (173770)

        Now, suppose you are accused of possession of child pornography, and you refuse to decrypt; if convicted, you might spend 5 years in prison, but you might be held indefinitely for failing to decrypt -- it is up to a judge to decide whether or not you have been held long enough.

        Actually that's exactly what happened in this case. He tried to invoke the 5th, was denied, continued to refuse and was held in contempt of court. The last lines of the PDF:

        The refusal was justified, and the district court erred in adjudging him in civil contempt. The district court's judgment is accordingly REVERSED.

  • IANAL but it seems like this decision hinges on the fact that the act of decrypting the hard drive requires the encryption key, which is in turn a product of the mind. On that basis the judge has connected it to the fifth amendment and self incrimination rather than the model put forth by the prosecution of a simple lock and key. The implication that I am seeing here is that if you were to encrypt your hard drive, but use a file on a USB drive as the encryption key rather than a passphrase, then this deci
  • Go Truecrypt!!!!! (Score:5, Informative)

    by Pepebuho (167300) on Friday February 24, 2012 @10:32AM (#39147009) Homepage

    From the Opinion:
    "But random characters are not files; because the TrueCrypt program displays random characters if there are files and if there is empty space, we simply do not know what, if anything, was hidden based on the facts before us. It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. In short, the Government physically possesses the media devices, but it does not know what, if anything, is held on the encrypted drives."

  • What I want to know (Score:5, Interesting)

    by medcalf (68293) on Friday February 24, 2012 @10:35AM (#39147041) Homepage
    What encryption product was used? It sounds like it is doing its job.
  • by wcrowe (94389) on Friday February 24, 2012 @10:48AM (#39147247)

    What I find heartening is that this is the 11th Circuit Court (Alabama, Georgia, Florida) -- i.e., not a court known for "wacky" decisions. If it were the 9th Circuit I would be more worried that this fight isn't over.

    I particularly liked how the court used the government's own analogy of a combination to a safe to make their ruling. The ruling explained that the Truecrypt software shows random characters even if nothing exists on the hard drive, so if the hard drive is like a safe -- as the government contends -- then it can be full of incriminating evidence, or completely empty. There is no way for the government to know without opening the safe. Therefore the government cannot use the argument that the evidence was a foregone conclusion. Additionally, the court (thankfully) acknowledged that just because the defendant owns a safe, is not an indication that any criminal activity is going on. The ruling both turned the government's analogy on its head, and revealed that the court has a fairly good understanding of the technology.

     

  • Bomb password? (Score:4, Insightful)

    by AbRASiON (589899) * on Friday February 24, 2012 @10:53AM (#39147313) Journal

    Is there an encryption system available where if you put in a specifically bad password it damages the data forever?
    I have no interest in kiddie porn but I sure as shit don't agree with people forcing me to decrypt.

    • Re:Bomb password? (Score:5, Informative)

      by dbet (1607261) on Friday February 24, 2012 @11:08AM (#39147519)
      No idea, but Truecrypt can have 2 passwords, one which unlocks a "fake" set of data, but still hides your real one. Due to the way data is stored while encrypted, there's no way to tell the difference between a second encrypted section and noise.
    • Re:Bomb password? (Score:5, Informative)

      by swillden (191260) <shawn-ds@willden.org> on Friday February 24, 2012 @11:19AM (#39147633) Homepage Journal

      Is there an encryption system available where if you put in a specifically bad password it damages the data forever?

      It doesn't matter, for two reasons.

      First, you can't do it, because standard procedure in cases like this is to duplicate the drive contents and do all analysis on the duplicate. If your system destroyed the data when a "duress" password is entered, it would only be destroying a copy.

      Second, if you could do it you still probably wouldn't want to, because then you'd be prosecuted for destruction of evidence. I suppose if the penalty for destroying evidence is much lower than the penalty for the crime the contents of the drive would prove, that might be a good idea. But it still seems like you'd be better off just not saying anything.

The shortest distance between two points is under construction. -- Noelie Alito

Working...