Show and Tell: Decrypt Your (Potentially Incriminating) Secrets Or Be Held In Contempt

Submitted by Gene Howington, Guest Blogger

The 5th Amendment of the U.S. Constitution reads:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”

The language is clear.  There is no reasonable alternative construction or deconstruction of the language that renders any permutation of the right against self-incrimination to yield a contrary result.  You don’t have to offer testimony against yourself in a criminal proceeding in any court of law.  Ever. In what seems an ever increasing and endless assault on the civil rights of American citizens, even this right spelled out in plain language is under attack. This time the alleged assailant is U.S. District Court Judge Robert Blackburn, a George W. Bush appointee.  Judge Blackburn has ordered a criminal defendant to produce a unencrypted version of an encrypted hard drive.  While several lower courts have addressed this issue, the Supreme Court has yet to weigh in on it.  That may change.

But is the 5th Amendment really under attack here?  The 5th Amendment applies to testimony.  The issue at hand here is production of evidence. Different standards and protections can apply to compelling the production of evidence. The case in front of Judge Blackburn is U.S. v. Fricosu.

Last week, Judge Blackburn ordered Ramona Fricosu of Peyton, Colorado, to decrypt the hard drive of a Toshiba laptop computer no later than February 21. The failure to follow this order has consequences including contempt of court. Contempt of court is an inherent power of the court although most jurisdictions have a statutory grant and definition of the power. In a criminal proceeding in Federal Court, contempt is covered by Rule 42 of the Federal Rules of Civil Procedure.

Contempt is a separate and distinct charge from the case at bar even though it can stem from events directly related to the case at bar.  Contempt charges may result from a failure to obey a lawful order of a court, showing disrespect for the judge, disruption of the proceedings through poor behaviour, or publication of material deemed likely to jeopardize a fair trial. A judge has wide latitude to impose sanctions such as a fine or jail for someone found guilty of contempt of court, however, key to the whole concept of contempt of court is that the judicial order must be lawful. In this case, the lawfulness of the order to decrypt the hard drive must be considered in light of the defendants 5th Amendment right against self-incrimination.  The laptop was seized by warrant during the investigation against Fricosu that led to the case at bar where she is charged with bank fraud, wire fraud, and money laundering as part of an alleged scheme to use falsified court documents to illegally gain title to homes near Colorado Springs.

In 2009 a factually similar case, In re Boucher, resulted in an order for the defendant to decrypt his hard drive. However, despite being similar, there were key differences in the Boucher case.  Sebastien Boucher was crossing over from Canada into Vermont.  His laptop was powered up allowing for inspection by ICE agents. While conducting the search, the agents found child pornography.  They subsequently seized the laptop and arrested Boucher, but the laptop was powered down upon seizure.  The hard disk was encrypted with PGP Disk encryption similar to  Symantec’s PGP Desktop used on Fricosu’s computer.  When the defendant argued that decrypting the hard drive violated his 5th Amendment right, the magistrate judge initially sided with Boucher, but upon appeal, a judge for the U.S. District Court for the District of Vermont reversed the decision.  In essence, the ruling of the District Court found the passphrase in Boucher to be analogous to a key to a lock box and the discovery of the evidence within a “foregone conclusion”.  But is an encrypted drive the same thing as a lock box?

If the government has substantive knowledge of the content and location of documents, there is precedent to allow compelling the production of such evidence, such as forcing the production of a key to a lock box the government knows contains said evidence.  If the existence and location of information are known to the government and the witness “adds little or nothing to the sum total of the Government’s information by conceding that [s]he in fact has the [information],” those matters are treated as a “foregone conclusion.” Fisher v. United States, 425 U.S. 391, 411 (1976). Similarly there is precedent for allowing the compelling the production of evidence such as finger prints, blood samples or voice recordings.  Courts considering the issue of passphrases and their production such as  United States v. Rogozin and United States v. Kirschner have previously held that the 5th Amendment applies to encryption passphrases.  Notably, Kirschner shares similar facts with Boucher. The defendant in Kirschner was charged with receiving child pornography, but unlike the Boucher case, authorities had no direct knowledge that the encrypted computer in question in that case was where the child pornography was stored.  Lower courts have held that the protection of the 5th extends to the contents of a defendant’s mind.  The key to these distinctions rests upon testimonial versus non-testimonial acts; testimony versus the production of physical evidence with known probative value.

In the Fricosu case, the initial warrant and seizure complied with the 4th Amendment requirements and was lawful.  Assistant U.S. Attorney Patricia Davies has argued that there is no 5th Amendment issue in compelling production of an unencrypted version of the hard drive because she isn’t seeking the passphrase proper but rather an “unlocked version” of the data seized legally pursuant to the warrant previously issued and executed.  In what appears to be a semantic argument, Davies has argues that since what she requested was production of an unencrypted version of the hard drive and not the disclosure of the passphrase proper that Friscosu is not being compelled to testify against herself.  The analogy to a lock box fails at this point for a couple of reasons.

First, the prosecution has no idea what is on the drive as it was powered down when seizure by warrant was made, merely a suspicion.  Substantive knowledge of the existence, location and probative value of the evidence sought is critical to the analysis of the existing jurisprudence. Since there is no direct knowledge by the prosecution of the actual contents of the encrypted drive, what they are likely to find there is not a “foregone conclusion”.  The prosecution claims that a recorded jailhouse conversation is the basis of their suspicion but that is not the same as having direct evidence of the drive’s contents.  Second, a passphrase is not like a key in that it lacks physicality; it is held only in Friscosu’s mind.  Either disclosing it or using it directly seemingly requires a testimonial action of the defendant’s mind.  Third, evidence is by its nature evidentiary or not in the state in which it is found.  Documents in a lock box are what they are as far as evidence goes or they are not. Fourth, control of the evidence prior to seizure is an issue in this case. Compelling her to decrypt the drive is compelling her to admit that she had control over the computer and would be self-incriminating concerning any evidence recovered from it. Fricosu’s husband is also charged in the mortgage fraud scheme.  The computer may or may not have been under her control.  It was taken from her residence which she shared with her co-defendant husband. This also brings up another issue: Fricosu may not be able to produce an unencrypted version of the hard drive because of impossibility. She may not know the passphrase.

In finding for the prosecution in granting the order, Judge Blackburn relied heavily upon Boucher despite the factual differences in the case.  Judge Blackburn points to Boucher without acknowledging the key factual differences in the cases.  On the case at bar, the prosecution has no direct substantive idea of the encrypted drives content compared to Boucher where the prosecution knew the contents of the drive because LEO’s had previously seen it. That did not stop him from issuing the order based on the prosecution’s contention that “[p]ublic interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.”

If upheld, this could have broad implications not just for criminal prosecutions, but for the business world as well.  As Joshua Engel, vice president and general counsel at consulting firm The Lycurgus Group, said, “There’s a tremendous impact on the corporate world as we move toward cloud computing, and the reason is because documents stored in the cloud are often encrypted (or should be), and stored in the cloud because you want people to collaborate; by acknowledging they have the key, that person is admitting they have worked on the file or have access to it. As such, if the document has bad things in it, you are aware simply by virtue through the encryption.”  A finding for Fricosu would strongly enhance your rights to privacy in addition to defining where the line is drawn regarding encryption technology and your 5th Amendment rights.  A finding against Fricosu would give law enforcement a powerful tool in finding useful evidence via search warrants.

Is that discovery tool worth sacrificing your right against self-incrimination or your right to privacy?

Is self-incrimination different if you decrypt the files yourself or are forced to give your password to others?

Is a situation factually different enough to merit circumventing the 5th Amendment if the government has a substantive idea what the drive contains? Or is a situation factually different enough to merit triggering the 5th Amendment if the government does not have a substantive idea what the drive contains?

Is this an attack on the 5th Amendment?

Is this an attack on the privacy rights found under the due process clause of the 14th Amendment?

What do you think?


~Submitted by Gene Howington, Guest Blogger

57 thoughts on “Show and Tell: Decrypt Your (Potentially Incriminating) Secrets Or Be Held In Contempt”

  1. Heather, there is no way to “get around” modern encryption with a good long pass phrase. The attempt might take BILLIONS of years.

    Heather Gatimu
    1, January 29, 2012 at 4:35 pm
    Really, this sounds like the prosecutor doesn’t want to spend the money to have the hard drive accessed by a computer analyst who knows how to get around passphrases. If there is no other evidence of the alleged crimes, the case is thin.

  2. “In essence, the ruling of the District Court found the passphrase in Boucher to be analogous to a key to a lock box and the discovery of the evidence within a “foregone conclusion”. But is an encrypted drive the same thing as a lock box?”

    If a suspect has a lock box and fails to hand over the key, the suspect could say one of:
    “I won’t give you the key”
    “I’ve lost the key”
    “It’s a combination lock, but I’ve forgotten the combination.”
    An order can be obtained to break open the box. The suspect does not have to hand over the key or remember a combination.

    The passphrase for encrypted drive is only like the key/combination of a lock box in that the investigators can obtain an order to allow them to break into it in the absence of a key or combination.
    This should mean that a court could grant an order to allow the investigators to attempt decryption.

    Obliging a person to *say* a key is obliging them to speak something that could incriminate them.
    If a court decides against them, the person could say that the stress of the whole matter has led them to forget the key.
    How would it be possible to prove that they are lying?

  3. Gene,

    Sorry for the rant above. It is not directed at you, it’s more of a rhetorical scream.

  4. Gene,

    Thank you again for your great post, insight, and opinion — it is one of the reasons I return to this blog on a frequent basis.

    This case, to my knowledge, was first mentioned on this blog here:

    My comment at the time is here:

    My comment either then or now is nothing special except to point out that historically the Clinton administration could not gain political majority at the time in pursuing the rationale for the escrow based Clipper encryption. The thought of all encrypted communications having a paired key held by the government was laughed at. Much has changed since then.

    The efforts of Philip Zimmerman in his fighting, and winning, against the Clinton administration’s position of treating asymmetrical encryption (as first defined by Whitfield Diffie) as “munitions” unavailable for export was a very determinant factor in the growth of the web. SSL is a form of asymmetrical encryption, and without this bare minimum and its variants, commerce on the web would not exist. And yet the SSL scheme shows its weakness in the fact that “certificates” (both sides of the key) are issued and held by entities with the paired key being blindly sucked in by modern browsers only to discover that at times the “certificate” has been breached — see Comodo SSL certificates circa 2011. So much for the escrow concept of key integrity.

    So it appears that after the ruling of Judge Blackburn the angst of the government in the 1990’s in trying to force escrow holding of encryption keys was unnecessary as they can now demand keys or passphrases to be given up. Another 9/11 malaise.

    So should we all now send and receive our snail mail on postcards for all to see? Is there a conceptually huge difference between an envelope and encrypted mail/data?

    I am aware of the argument in this particular case (in layman’s terms) being the distinction between a physical or virtual key (machine generated in both instances) verses a password/phrase that can only be found out by compelling one to share the information that exists in their mind.

    So what has changed between the Clinton administration’s pursuit of holding encryption keys in escrow vs. the current state of programs like TrueCrypt, AxCrypt, etc?

    It is interesting that during the growth of the web as a carrier of commerce that the idea of encryption keys being held by the government was shelved, and that now twenty some years later with evidence of the web being used as a carrier of “subversive” communications a la the Middle East, North Africa, and OWS the government now rules that encrypted data is to be given up even though the means of decryption exists only in one’s mind as a password.

    The fact that this particular prosecution is directed towards a person accused of mortgage fraud is a calculated decision by the government — to convince us all why we should be compelled to give up the freedom of private communication and/or secured archived correspondence. What a fucking joke.

    Sorry for the rambling, and thanks again for an excellent post.

  5. I have a question. Would this work ?

    Let the record reflect his/her Honor under the color of law is threatening to violate my 5th,6th,7th,8th,13th and 14th amendment. Standing on Miranda vs Arizona which states ” Where rights are secured by the constitution there can be no legislation that would abrigate them.”

  6. An addnote: What cooked Oliver North’s goose was that he thought he had deleted all those incriminating files. He forgot about a fellow named Peter Norton, a pioneer in the science of recovering deleted files.

    Colonel Ollie managed to escape prison time because he was convicted after being given qualified immunity by the knuckleheads in Congress. There was plenty or forensic evidence to send him away, but his sentence was reversed on appeal because of the qualified immunity deal.

  7. Martin, erased stuff does not really go away. It just goes someplace else where ordinary means cannot get at it. Recovery is possible as long as the disk has not reached maximum memory capacity–highly unlikely these days where even portable external hard drives can exceed a terabyte of memory.

    Our guy says what happens is all the old data fragments. Reassembling it is the job of a forensic computer expert. Difficult but not impossible.

  8. Otteray you say Our own IT guy who works on my computer started in the business as a military computer spook, and has told me it is possible to burrow down through as much as seven layers of erased and overwritten material on a hard drive to recover files

    If you can find seven bits under one bit, that means that the capacity of the hard drive could be increased 7 times with present technology. Good news if true.

  9. I wish I could remember the details. I read about this case when it was heard. The thinking was the password could be considered the same as a combination to a safe or the key to a room. Courts had previously ruled that the key had to be turned over but not the combo (I think, I may have that backwards). Forgive me for being so dense I don’t see the difference in those two. This ruling does seem to run counter to the fourth amendment.

  10. Great job Gene. I do think that this is an attack on the 5th Amendment. It is one complex case as you have suggested. Wow. Keep us up to date on the progression of this case.

  11. I would also like to see JT comment on the posts of the guest bloggers from time to time. -puzzling

    Why does PayPal comes to mind… 🙂

  12. puzzling,

    You’re welcome and thanks both for your kind words and your support of the EFF. They are a fine organization working hard to make sure our rights are not compromised by the rapid growth and ever changing nature of technology.

  13. Gene: “I would point out that alluding to the location of evidence of probative value is considerably different than the prosecution having substantive knowledge of the quality of said evidence.”
    I wondered if or how that would influence the case; she could have information that would work to exonerate herself. That’s not the fist thing that comes to mind though.

    AY: ” the problem with most defendants is they talk”

  14. Gene,

    Thanks for running this piece and the analysis you brought to it. I thought the Constitutional questions were both new and fundamental. I put the story in the suggestion box earlier this week.

    I would also like to see JT comment on the posts of the guest bloggers from time to time.

    From the EFF, a group I actively support:

    Decrypting data on a computer is a testimonial act that receives the full protection of the Fifth Amendment. This act would incriminate Fricosu because it might reveal she had control over the laptop and the data there. The government has failed to show that the existence and location of the information it seeks is a foregone conclusion. Furthermore, the limited immunity offered by the government is not coextensive with the scope of Fricosu’s privilege. The Court should therefore find that the government has failed to take the steps necessary to secure Fricosu’s Fifth Amendment rights and deny the application…

    The act would be an admission that she had control over the computer and the data stored on it before it was seized from her residence—which are critical admissions, particularly considering that she shared her residence with her co-defendant. The act would also show that she knows the encryption password and was able to access the encrypted data. If Fricosu knows the password, forcing her to perform the act of decrypting the data on the laptop will put her in the “cruel trilemma” that the privilege is designed to protect against: having to choose between incriminating herself, lying under oath, or refusing to answer and risking contempt of court.

  15. LK,

    It is agreed that this is an area where it is murky….But since they have opened the can of worms…they may have some leeway….In the case that you cite…it also appears that this is a ex-Husband and Wife….They generally have a Privilege against testimony against the other….which is one the exception…Again, the can of worms has been opened and the problem with most defendants is they talk…that is why there are so many of them….

  16. LK,

    Maybe, maybe not, but you are correct that it would be a stronger argument without the recorded phone call. I would point out that alluding to the location of evidence of probative value is considerably different than the prosecution having substantive knowledge of the quality of said evidence. She did not go into details of what was on the computer. In Boucher, LEO’s had actually seen the child pornography on the computer in question. I think that’s a critical difference and merits closer examination.

  17. If these facts are true, as reported on law dot com, is not the “foregone conclusion” test met? It doesn’t sound like a fishing expedition since she has already stated that relevant information is contained on the HD. If she had said nothing and the warrant boiled down to a mere possibility or probability that the laptop contained relevant information then might she not have a stronger case?

    In any event it would seem that if you are in a pickle just STFU is the best course of action.

    “In U.S. v. Fricosu, a ruling that some believe undermines Fifth Amendment protections in the digital age, a Colorado federal judge is requiring a woman to produce an unencrypted version of her Toshiba laptop’s hard drive to prosecutors in a mortgage fraud case. Ramona Fricosu of Peyton, Colo., and her incarcerated ex-husband, were indicted in 2010 on bank fraud charges, according to The Denver Post, in a “complex mortgage scam.” When investigators served a search warrant on her home, they seized the laptop with the encrypted drive, according to Wired Threat Level.

    The day after the execution of the search warrant, Fricosu spoke with her imprisoned ex-husband by phone. In the recorded conversation, she alluded to the fact that relevant information could be found on the encrypted laptop. According to the ruling by Judge Robert Blackburn of the U.S. District Court for the District of Colorado, the government sought a search warrant under the All Writs Act, which “would require Fricosu to produce the unencrypted contents of the computer.” However, she has not provided the information, “asserting her privilege against self-incrimination under the Fifth Amendment.” ”

  18. nal,

    If that same evidence is in the possession and it is of a past crime…it is absolutely protected…..Now a defendant can be compelled to give DNA, Blood and other things which are reasonably discoverable…. What the Defendant does not have to do at this time is to provide evidence that would implicate them in past crimes or crimes that will happen in the future….

    The digital age brings new issues to be resolved….If they are properly password protected….then it’d be years before they could break the code….I think all of the Kennedy files would be released before the code is broken….Just saying….so the government realizing that is trying to do an end run and indict you for your knowledge….which is against the 5th….

Comments are closed.