Legal

Another Judge Rules Encryption Passphrase not Testimonial Under Fifth Amendment Analysis

I previously discussed, on a bar association section blog in 2007 (here) and 2009 (here), the case of In re Boucher, where a U.S. judge for the District of Vermont ruled that requiring a criminal defendant to produce an unencrypted version of his laptop’s hard-drive, which was believed to contain child pornography,did not constitute compelled testimonial communication.  Professor Orin Kerr posted a detailed discussion of the matter here.

The circuit court appeal in Boucher was dropped, but a new case has surfaced in the U.S. Court for the District of Colorado, United States v. Fricosu.  There, a bank fraud defendant’s home was searched pursuant to a warrant, and a computer seized which held encrypted files. Further, Defendant provided evidence indicating her ownership computer, that she knew it was encrypted, and that it contained inculpatory evidence. The government subpoenaed defendant to produce an unencrypted version of the content of the computer, offering immunity against authenticating for doing so.  Defendant  moved to quash, arguing that the subpoena violated her Fifth Amendment privilege against self-incrimination by requiring a testimonial act of production by compelling her to acknowledge her control over the computer and its contents.  Borrowing substantively from Judge Sessions’ decision in Boucher, Judge Robert E. Blackburn  ordered defendant to reveal the decryption password to the contents of the hard-drive.

In Boucher, Judge Sessions observed that, although the Fifth Amendment privilege ordinarily applies to verbal or written communications, an act that implicitly communicates a statement of fact may be within the purview of the privilege as well.  (citing United States v. Hubbell, 530 U.S. 27, 36 (2000); Doe v. United States, 487 U.S. 201, 209 (1988)), and that, although the contents of a document may not be privileged, the act of producing the document may be.”   United States v. Doe, 465 U.S. 605, 612 (1984).  Production itself acknowledges that the document exists, that it is in the possession or control of the producer, and that it is authentic. Hubbell, 120 S.Ct. at 2043.  In summation, an act is testimonial when the act entails implicit statements of fact, such as admitting that evidence exists, is authentic, or is within a suspect’s control. 487 U.S. at 209.

In the current case (Fricosu), Judge Blackburn has ruled that, where the existence and location of the documents are known to the government, no constitutional rights are touched, because these matters are a foregone conclusion, insofar as they add little or nothing to the sum total of the Government’s information. Likewise, defendant’s production wasn’t necessary to authenticate the computer drives where she had already admitted possession of the computers. See United States v. Gavegnano, 2009 WL 106370 at *1 (4th  Cir. Jan. 16, 2009) (where government independently proved that defendant was sole user and possessor of computer, defendant’s revelation of password not subject to suppression). Specifically, Judge Blackburd ruled that, “There is little question here but that the government knows of the existence and location of the computer’s files.  The fact that it does not know the specific content of any specific documents is not a barrier to production.”

Law Technology News quoted our colleague, Craig Ball, as saying what disturbs him most about the ruling is “that Judge Blackburn points to Boucher and simply equates the two scenarios without noting that the government’s knowledge of the contents of the kiddy porn laptop was substantial, specific, and no way speculative.” He added that this case differs from Boucher in the sense that the government at least saw the questionable files on Boucher’s computer already, “the LEOS saw the contraband with their own eyes and recognized its criminal character.” But, in the current case, officials likely don’t know what is on the computer, because “the cops never got past the log in screen, due to the computer’s encryption.”  Likewise, Professor Kerr characterizes Judge Blackburn’s ruling as “not a model of clarity.”

I see Craig’s point, and I recognize that he doesn’t want law enforcement to have carte blanche to peer into one’s encrypted volume based solely on reasonable suspicion (or  –alternatively– to suffer an adverse jury instruction (State v. Levie695 N.W.2d 619(Minn.App. 2005)).

But, I wonder whether a helpful analogy (one I can’t claim credit for) is the locked safe, within which the police have probable cause to believe a stolen painting has been stored. They don’t want to blast the safe open, because the priceless painting may be destroyed.  Assume the safe is in defendant’s home, and the police have a search warrant, and, therefore, assume the safe belongs to defendant and he is aware of its presence. Can defendant be compelled to turn over the key to the safe?  The answer, I believe, is yes. See Schmerber v. Cal., 384 U.S. 757 (U.S. 1966) (Where blood test evidence, although it may be an incriminating product of compulsion, is neither testimony nor evidence relating to some communicative act or writing by a defendant, it is not inadmissible on privilege grounds).  Now, let’s assume that it’s not a key the cops need, but a combination code to the safe.  Defendant has this code memorized.  Can the defendant now not be compelled to give up the code?  Why not?  Because it’s a memory?  But the Fifth Amendment doesn’t afford an unqualified privilege for memories; it affords a privilege to statements that are testimonial in nature. How could defendant’s very knowledge of the code to a safe in his own home be either incriminating or testimonial, regardless of whether the cops actually saw the painting deposited therein or not?

About barristerharri

The author, Sean L. Harrington, is a digital forensics examiner, cybersecurity attorney, and e-discovery and litigation consultant with the private practice digital forensics firm of Attorney Client Privilege, LLC (http://attyClientPriv.com). Harrington holds the MCSE, CISSP, CHFI, CSOXP, and CCFP, has served on the board of the Minnesota Chapter of the High Technology Crime Investigation Association (http://mn-htcia.org), is a member of Infragard, a member of the Financial Services Roundtable cyber- legislative working group, a member of the Minnesota Ediscovery Working Group, a member of Century College's Computer Forensics Advisory Board and [erstwhile] Investigative Sciences for Law Enforcement Technology (ISLET) board, and is a council member of the Minnesota State Bar Association (MSBA) Computer & Technology Law Section. (http://mntech.typepad.com). Harrington earned a certificate in computer forensics from Century College's pioneering digital forensics program and graduated with honors from Taft Law School.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 999 other followers

%d bloggers like this: