Interesting case. And I lean toward the side which says doing what is ordered amounts to self-incrimination which the 5th Amendment is designed to prevent.
American citizens can be ordered to decrypt their PGP-scrambled hard drives for police to peruse for incriminating files, a federal judge in Colorado ruled today in what could become a precedent-setting case.
Judge Robert Blackburn ordered a Peyton, Colo., woman to decrypt the hard drive of a Toshiba laptop computer no later than February 21–or face the consequences including contempt of court.
I’m not sure, in her case, what they’re looking for, not that it matters particularly. We again have technology in the focus and its use being ruled on by the court. The question is, does such an order violate the defendants right to refuse self-incrimination by unlocking data which has the possibility of incriminating her.
Today’s ruling from Blackburn sided with the U.S. Department of Justice, which argued, as CNET reported last summer, that Americans’ Fifth Amendment right to remain silent doesn’t apply to their encryption passphrases. Federal prosecutors, who did not immediately respond to a request for comment this afternoon, claimed in a brief that:
Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.
I certainly understand the import of that claim. And it is a valid point. But is it something which over rides the protection of the 5th Amendment? In my opinion, this is not at all as clear as the 4th Amendment case below. I’m not sure, however, one explains away the fact that decryption may indeed incriminate the person required to do the decrypting.
[A] Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted.
On the other hand:
In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That’s "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).
The government argues:
Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.
The defense argues:
On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can’t be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that that such protection extends to the contents of a defendant’s minds, the argument goes, so why shouldn’t a passphrase be shielded as well?
There you have it.