Show and Tell: Decrypt Your (Potentially Incriminating) Secrets Or Be Held In Contempt

Submitted by Gene Howington, Guest Blogger

The 5th Amendment of the U.S. Constitution reads:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”

The language is clear.  There is no reasonable alternative construction or deconstruction of the language that renders any permutation of the right against self-incrimination to yield a contrary result.  You don’t have to offer testimony against yourself in a criminal proceeding in any court of law.  Ever. In what seems an ever increasing and endless assault on the civil rights of American citizens, even this right spelled out in plain language is under attack. This time the alleged assailant is U.S. District Court Judge Robert Blackburn, a George W. Bush appointee.  Judge Blackburn has ordered a criminal defendant to produce a unencrypted version of an encrypted hard drive.  While several lower courts have addressed this issue, the Supreme Court has yet to weigh in on it.  That may change.

But is the 5th Amendment really under attack here?  The 5th Amendment applies to testimony.  The issue at hand here is production of evidence. Different standards and protections can apply to compelling the production of evidence. The case in front of Judge Blackburn is U.S. v. Fricosu.

Last week, Judge Blackburn ordered Ramona Fricosu of Peyton, Colorado, to decrypt the hard drive of a Toshiba laptop computer no later than February 21. The failure to follow this order has consequences including contempt of court. Contempt of court is an inherent power of the court although most jurisdictions have a statutory grant and definition of the power. In a criminal proceeding in Federal Court, contempt is covered by Rule 42 of the Federal Rules of Civil Procedure.

Contempt is a separate and distinct charge from the case at bar even though it can stem from events directly related to the case at bar.  Contempt charges may result from a failure to obey a lawful order of a court, showing disrespect for the judge, disruption of the proceedings through poor behaviour, or publication of material deemed likely to jeopardize a fair trial. A judge has wide latitude to impose sanctions such as a fine or jail for someone found guilty of contempt of court, however, key to the whole concept of contempt of court is that the judicial order must be lawful. In this case, the lawfulness of the order to decrypt the hard drive must be considered in light of the defendants 5th Amendment right against self-incrimination.  The laptop was seized by warrant during the investigation against Fricosu that led to the case at bar where she is charged with bank fraud, wire fraud, and money laundering as part of an alleged scheme to use falsified court documents to illegally gain title to homes near Colorado Springs.

In 2009 a factually similar case, In re Boucher, resulted in an order for the defendant to decrypt his hard drive. However, despite being similar, there were key differences in the Boucher case.  Sebastien Boucher was crossing over from Canada into Vermont.  His laptop was powered up allowing for inspection by ICE agents. While conducting the search, the agents found child pornography.  They subsequently seized the laptop and arrested Boucher, but the laptop was powered down upon seizure.  The hard disk was encrypted with PGP Disk encryption similar to  Symantec’s PGP Desktop used on Fricosu’s computer.  When the defendant argued that decrypting the hard drive violated his 5th Amendment right, the magistrate judge initially sided with Boucher, but upon appeal, a judge for the U.S. District Court for the District of Vermont reversed the decision.  In essence, the ruling of the District Court found the passphrase in Boucher to be analogous to a key to a lock box and the discovery of the evidence within a “foregone conclusion”.  But is an encrypted drive the same thing as a lock box?

If the government has substantive knowledge of the content and location of documents, there is precedent to allow compelling the production of such evidence, such as forcing the production of a key to a lock box the government knows contains said evidence.  If the existence and location of information are known to the government and the witness “adds little or nothing to the sum total of the Government’s information by conceding that [s]he in fact has the [information],” those matters are treated as a “foregone conclusion.” Fisher v. United States, 425 U.S. 391, 411 (1976). Similarly there is precedent for allowing the compelling the production of evidence such as finger prints, blood samples or voice recordings.  Courts considering the issue of passphrases and their production such as  United States v. Rogozin and United States v. Kirschner have previously held that the 5th Amendment applies to encryption passphrases.  Notably, Kirschner shares similar facts with Boucher. The defendant in Kirschner was charged with receiving child pornography, but unlike the Boucher case, authorities had no direct knowledge that the encrypted computer in question in that case was where the child pornography was stored.  Lower courts have held that the protection of the 5th extends to the contents of a defendant’s mind.  The key to these distinctions rests upon testimonial versus non-testimonial acts; testimony versus the production of physical evidence with known probative value.

In the Fricosu case, the initial warrant and seizure complied with the 4th Amendment requirements and was lawful.  Assistant U.S. Attorney Patricia Davies has argued that there is no 5th Amendment issue in compelling production of an unencrypted version of the hard drive because she isn’t seeking the passphrase proper but rather an “unlocked version” of the data seized legally pursuant to the warrant previously issued and executed.  In what appears to be a semantic argument, Davies has argues that since what she requested was production of an unencrypted version of the hard drive and not the disclosure of the passphrase proper that Friscosu is not being compelled to testify against herself.  The analogy to a lock box fails at this point for a couple of reasons.

First, the prosecution has no idea what is on the drive as it was powered down when seizure by warrant was made, merely a suspicion.  Substantive knowledge of the existence, location and probative value of the evidence sought is critical to the analysis of the existing jurisprudence. Since there is no direct knowledge by the prosecution of the actual contents of the encrypted drive, what they are likely to find there is not a “foregone conclusion”.  The prosecution claims that a recorded jailhouse conversation is the basis of their suspicion but that is not the same as having direct evidence of the drive’s contents.  Second, a passphrase is not like a key in that it lacks physicality; it is held only in Friscosu’s mind.  Either disclosing it or using it directly seemingly requires a testimonial action of the defendant’s mind.  Third, evidence is by its nature evidentiary or not in the state in which it is found.  Documents in a lock box are what they are as far as evidence goes or they are not. Fourth, control of the evidence prior to seizure is an issue in this case. Compelling her to decrypt the drive is compelling her to admit that she had control over the computer and would be self-incriminating concerning any evidence recovered from it. Fricosu’s husband is also charged in the mortgage fraud scheme.  The computer may or may not have been under her control.  It was taken from her residence which she shared with her co-defendant husband. This also brings up another issue: Fricosu may not be able to produce an unencrypted version of the hard drive because of impossibility. She may not know the passphrase.

In finding for the prosecution in granting the order, Judge Blackburn relied heavily upon Boucher despite the factual differences in the case.  Judge Blackburn points to Boucher without acknowledging the key factual differences in the cases.  On the case at bar, the prosecution has no direct substantive idea of the encrypted drives content compared to Boucher where the prosecution knew the contents of the drive because LEO’s had previously seen it. That did not stop him from issuing the order based on the prosecution’s contention that “[p]ublic interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.”

If upheld, this could have broad implications not just for criminal prosecutions, but for the business world as well.  As Joshua Engel, vice president and general counsel at consulting firm The Lycurgus Group, said, “There’s a tremendous impact on the corporate world as we move toward cloud computing, and the reason is because documents stored in the cloud are often encrypted (or should be), and stored in the cloud because you want people to collaborate; by acknowledging they have the key, that person is admitting they have worked on the file or have access to it. As such, if the document has bad things in it, you are aware simply by virtue through the encryption.”  A finding for Fricosu would strongly enhance your rights to privacy in addition to defining where the line is drawn regarding encryption technology and your 5th Amendment rights.  A finding against Fricosu would give law enforcement a powerful tool in finding useful evidence via search warrants.

Is that discovery tool worth sacrificing your right against self-incrimination or your right to privacy?

Is self-incrimination different if you decrypt the files yourself or are forced to give your password to others?

Is a situation factually different enough to merit circumventing the 5th Amendment if the government has a substantive idea what the drive contains? Or is a situation factually different enough to merit triggering the 5th Amendment if the government does not have a substantive idea what the drive contains?

Is this an attack on the 5th Amendment?

Is this an attack on the privacy rights found under the due process clause of the 14th Amendment?

What do you think?


~Submitted by Gene Howington, Guest Blogger

57 thoughts on “Show and Tell: Decrypt Your (Potentially Incriminating) Secrets Or Be Held In Contempt”

  1. As I see it, there is a huge difference between being required to give an exemplar such as a blood sample or fingernail scraping and being required to say something, such as the encryption code for a computer. Who knows what the SCOTUS might do, but I agree with Gene and others who see this as being ripe. Looks to me like a perfect test case.

    They cannot force a defendant to reveal the location of a body, or where the loot is hidden. How is this different?

  2. After reading the update, which hadn’t been posted when I wrote my first comment, I’m confused…

  3. Great supplemental there, Nal.

    Thanks for the relay.

    And I agree on the Supremes. This is a question ripe for adjudication.

  4. Ruling Stands: Defendant Must Decrypt Laptop

    The 2nd U.S. Circuit Court of Appeals, however, sided with the government’s contention that an appeal was not ripe — that she must be convicted or acquitted before the circuit court would entertain an appeal. Appellate courts usually frown on hearing appeals until after there’s been a verdict.

  5. Orin Kerr:

    Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents

    We hold that the act of Doe’s decryption and production of the contents of the hard drives would sufficiently implicate the Fifth Amendment privilege.

    We are unpersuaded by the Government’s derivation of the key/combination analogy in arguing that Doe’s production of the unencrypted files would be nothing more than a physical nontestimonial transfer.

    This one will go to the Supremes.

  6. What is all this talk about Rights, our Bill of Rights were cancelled just after 9/11, that’s why we had 9/11 as a False Flag attack, to give our Rulers (not leaders) the right to assult us, then more laws passed to deny us a trial by jury, then the right to be arrested without any charges, and held indefinately without trial. And no one is fighting back, because you don’t have the guts to defend this nation. Well I’m here to defend you, if I’m elected next November. I’m going to clean house (Congress and Senate) and return Justice to our nation. I’m an 85 year young patriot that will not lay down and surrender, without a huge fight. I’ll protect our borders, I’ll protect us from imports that put Americans out of work. How many are willing to follow me in to battle? Let’s ReVote, to Restore not Change America

  7. Article says “Passware has been actively tackling various encryption technologies such as BitLocker, TrueCrypt, and FileVault, and says its latest Passware Kit Forensic 11.3 software can extract encryption keys for all of these technologies. In addition to extracting FileVault keys, Passware can also extract passwords from encrypted keychain files and recover log-in passwords for user accounts”

  8. For those interested in actual protection, the route is full-drive destructive encryption. It requires a kill-switch and a remote signal from a mobile device would be sufficient. There are products for both PC and MAC to accomplish this.

    Such an operation wipes the data off the drive at the sector level. It’s gone. No amount of decryption or Boys in the Lab can save this data. Even the kill-switch gets the heave-ho. The sectors will contain factory-fresh all zeros.

    Of course, such an operation can only be survived by frequent, meticulous, and anonymous back ups to off-site storage. Just not MegaUpload, which I predict will be back in business within a year.

    The password required to unlock encryption IS testimony. However, technology is leading toward mind-reading, not away from it. Already, simple words can be read.

    There was a time when the future was exciting. The lesson? Never, ever let up on dissent of anything governmental. Ever.

Comments are closed.