Compelling production of a password, revisited

In this GQ thread, among others, we discussed the question of the government requiring a person to provide the password to unencrypt a hard drive that contains (presumably) incriminating information about himself.

There’s no directly applicable precedent, but in In Re Grand Jury Subpoena to Boucher, a Vermont federal district court required a man to unlock his system (interestingly, they did not require him to reveal the password, but simply to provide the government with an unlocked version of his hard drive). They did not use the fact that he knew the password against him, but they did use the revealed contents against him.

Now Colorado has a similar case. Ramona Fricosu is accused of participating in various fraudulent real estate and mortgage transactions. Pursuant to a valid warrant, the government searched her home and seized a laptop computer; pursuant to a second, specific warrant, they searched the laptop’s hard drive.

But there they were stymied, because the laptop’s owner had set up the drive as an encrypted volume, and despite trying, the government was unable to break the password.

So the government sought a court order to compel Ms. Fricosu to provide the government an unencrypted version of the documents. They point to established case law that says in essence that the government, if possessing a valid search warrant for a locked safe, can compel the owner to provide the safe key.

She replies with Justice Stevens’ poetic dissent in Doe v. US, 487 U.S. 201 (1988):

Of course, that reasoning was in the dissent, not the majority opinion, which did in fact compel John Doe to sign releases authorizing his foreign banks to provide information about him.

In any event, returning to Fricosu’s dilemma, her attorney has promised to appeal an adverse decision, so it seems likely we will get a precedent-setting opinion on the issue here.

Will the law compel a criminal defendant to provide the government with the unencrypted version of an encrypted laptop, if the government can then use that content (if not the fact that she knew it) against her?

Can defendants be compelled to disclose the location of things they’ve hidden? No. Instead, the government has to go find the things they’ve hidden. I think that’s more analogous since we’re talking about information rather than a physical object.

ETA: That is not to say that I think it’s unreasonable to apply the safe key analogy instead.

I’m not a legal eagle; can I play too or is this strictly a technical law interpretation thread?

There is no such thing as technical law in cases of first impression. It’s more about logical reasoning than law, provided there isn’t an obviously analogous ruling to apply.

I guess Doe would be an obvious analogy for some people, but the rules for physical evidence are always quite different from those for thoughts.

Bricker, didn’t Boucher go the other way?

Alright then.

I would reason that compelling a defendant to provide a password or an unencrypted volume is a violation of self incrimination. The government has the right to seize and search whatever they may find. They have their own experts and resources to accomplish this task and may use whatever they find against the defendant. I see no reason why they should be allowed to compel the accused to provide them with further access to anything. If they cannot get the job done, then tough. While they might be able to compel someone to provide a key to a safe, there is nothing preventing the defendant from replying that he lost it, or threw it in the river, or whatever. Presumably the next step would be to hire a safe cracker. If that attempt fails and they have to cut their way in and ruin the documents in the process, tough luck. This feels the same to me.

A question I asked in the previous thread that did not get answered is:
I have 2 passwords on my drive, “secret” that unencrypts the drive and “password” that slags the contents. I tell the police (or under their direction use) “password” and thereby destroy the hard drive. Have I committed a crime?

As an aside to cases like this, what are the gubmint’s options if your reply to their request for password is “I forgot / don’t know”?

How do they prove that you know and are just holding out on them? I guess if it’s your laptop they can assume you know the contents of it, but that’s not necessarily the case.

Has anyone ever tried going down that path when asked for their password by an investigator?

WAG: depends on whether they have already executed the warrant and are in custody and control of your drive.

Can you be dinged for destruction of evidence that hasn’t even been cataloged yet though? If so, that would seem to indicate that the law equates electronic files and paper documents.

Are you reading Boucher I or Boucher II?

Join the party. Not only is this almost a case of first impression (three district court rulings, two one way and one another) with no federal circuit precedent set, it’s also a classic case of technology outstripping the law. We’re talking about strongbox keys and safe combinations, without either being a perfect analogy.

Even if they can compel you to reveal the password, is there a limit as to how they can carry this out? Could they potentially jail you on a contempt charge in perpetuity until you gave them the password? If not, seems like a reasonable action would be to weigh the relative penalties for failing to reveal the password to those for the crime you were originally accused of.

On a related note, can they use the fact that you are willing to go to jail to avoid revealing the password as evidence of guilt of the original crime?

Just to fill you in on how the key case might then proceed, though, the judge is entitled to hold the witness in contempt if he fails to provide the key… and while of course he may claim to have thrown it in the river, the judge is entitled to assess the credibility of that statement, and toss him in jail if he feels that claim is false. And unlike actually being convicted of a crime, theoretically the judge can keep the witness in jail for an indeterminate period of time, the idea being that the witness may purge himself of the contempt at any time and thus he holds the key to his own jail cell.

Yes, just the same crime as being properly served with a subpoena to produce paper records and burning them instead.

Answered above.

Almost certainly not.

In fact, if they compel you to decrypt the drive, they cannot even use the fact that you knew the decryption password against you.

But of course they can use the actual, now-decrypted contents against you.

I’m on my phone at work so I’ll have to keep my next few posts brief. Theoretically the judge cannot hold you longer than the trial though correct? If it proceeds without the contents and you are acquitted then they would have to let you go at that point?

I didn’t know there were two, and now I can’t find that opinion.

I figure once the government has seized a computer and it is wholly in their possession and control, I don’t have the right or the obligation to operate it until it is wholly returned to my possession and control. Thus, they can’t seize machinery and later come to me with “how do you work this thing?” Too bad, suckers. I’m not coming to your house to show you how to play with the toys that you took from me.

Boucher I, November 2007, Magistrate Judge’s opinion, which quashed the subpoena. (In re Grand Jury Subpoena to Sebastien Boucher, 2:06-mj-91, 2007 WL 4246473 (District Court, D. Vt., Nov. 29, 2007))

Government appealed, and the federal district court overruled the magistrate judge and ordered Boucher to provide the government with an unencrypted drive. (In re Grand Jury Subpoena to Sebastien Boucher, 2009 WL 424718 (District Court, D. Vt. Feb. 29, 2009))

I can give you a PACER ref if you have PACER access.