Status On Forcing You To Reveal Encryption Codes? (USA)

I was wondering what the status is of forcing people, who have encrypted files to unencrypted them?

I’ve seen a couple of things on the Internet but some seem contradictory.

One for example says a court found it couldn’t order the defendant to hand over the pass phrase but it could order her to produce an unencrypted file.

Then I found one that said, since a law enforcement official saw child porn, then the computer was turned off, thus making it encrypted, that the defendant could not invoke his 5th Amendment rights. Which seems odd as anyone could claim anything right?

And what about if I encrypt a file and upload it to like Dropbox. In that case I have no control over the physical hard drive, but I do control the pass phrase.

It doesn’t appear to be settled.

I found one case from last January in which a federal court ruled that being compelled to produce a password doesn’t violate someone’s right against self-incrimination. And a different case from last February in which another federal court ruled that it does.

Unless they catch you with the computer up and running, I don’t see how they can prove you know the password.

If you tell them that the password was 20 randomly generated characters that you had written on a piece of toilet paper, and that when you saw their cars outside you tore it into bits and flushed it before answering the door, what can they do? Obviously they can still arrest you and threaten you, but if you stick to your story, what can they actually charge you with?

As I understand it, the central issue is whether or nor not law enforcement knows beforehand with certainty that the encrypted file does indeed contain incriminating material.

That was the case with the laptop computer with child porn on it: customs agents had opened the computer and actually seen the images. In another case, investigators monitored a phone call a suspect mad from prison in which she admitted that a computer which had been confiscated during a police search contains critical evidence.

In both cases, the courts ruled the defendant had to reveal the password.

On the other hand, if police raided your home and confiscated a number of items including a computer with an encrypted hard drive, they can’t make you turn over the password since they don’t know with certainty that there is incriminating material. They only have a suspicion which isn’t enough.

Couldn’t you simply swear blind that you had forgotten the password?

NO! You never, ever lie to law enforcement or the courts, no lawyer is going to advise you to lie about forgetting the password.

You simply REMAIN SILENT, you are not compelled to explain or lie, just keep your mouth shut.

They are exercising action on both accounts under the same suspicion(s) correct?
Which begs the question why can they raid your home, yet not force you to produce access to the computer’s content?

Sometimes I worry over how we as ‘individuals’ view our ‘rights’ to ‘privacy’ and are all the more happy to ‘exercise’ these rights in the name of ‘liberty’ and ‘freedom.’
When really it boils down to us having something illegal in our possession and do not want to face punishment.

If the government deems it necessary to suit out a whole SWAT force and physically raid my house, I’m damn impressed and feeling important.
Least I could do is let them handle their business and be on their way.

What idiot is going to raise a fuss when there’s nothing to hide?

Principle is over rated.

I was contemplating this in an earlier thread. When you are obliged to reveal a password, this indeed seems to be a case in which you cannot remain silent, you are obliged to speak (or maybe write or type), otherwise, you’d be held in contempt.

So pretending to have forgotten a password doesn’t seem that unreasonable. You can always claim you’re emotionally upset by being accused of a crime and thus not be able to think clearly.

I still don’t understand why this isn’t settled, since the basic principles go back centuries. Surely, there’s been some court case that has settled the question of a safe with a combination lock, and that seems to me to be quite closely analogous to an encrypted drive.

With regard to combination locks, this probably didn’t really become a legal issue. If law enforcement wanted to gain access and the accused wouldn’t cooperate, they’d just break the lock. No big deal.

On the other hand, if you’re using for instance TrueCrypt to encrypt your hard drive, there is no way for prosecutors to gain access to the files without the defendant’s cooperation:

Back up for me, if you will: if they’ve got me dead to rights for murder, I get additional charges for not saying where the bodies are buried?

If I use a gun, I get further nailed for not saying where, or from whom, say, I bought it?

Those are the two main cases.

In the border/porn case, the border patrol had seen the actual photos before the PC shut down. As a result, the order was “produce these specific documents or provide us access to them.”

This was more like… If you take your incriminating accounting ledgers for your drug dealing, and hide them in some unknown location (buried in the woods) the police can force you to turn them over if they can show they exist. “Our undercover agent saw you writing accounts in the blue leather notebook. Produce it.” Failure to produce is contempt. It’s not about revealing where you hid tehm, it’s about “you must produce them”. You do not have to show where it is buried (assuming they let you roam free) but since it is proven to exist, you must make it available. IIRC, that’s the key point this decision hinged on. Once he’d let the border guards see specific computer content once, he could not refuse to let them in next time and claim fifth amendment. (“I refuse to re-incriminate myself…”)

The encrypted documents case was something else. They suspected certain documents existed in the encrypted partition, since the lady was clever enough to tell her husband in a bugged call from prison. “Don’t worry, they won’t find any incriminating documents, they are encrypted in that partition”. So the authorities know there is something interesting on that partition, but are not sure exactly what (from what I read of the case). It had to do with faking mortgage documents in the housing boom as I recall.

This makes it a more contentious case. The rule says they can’t go on a fishing expedition, they need to know what they are looking for. They did not know for sure of any specific document(s), just that they would be good for the case.

In the end, her husband told them some passwords to try, so the case never got far enough to set precedents.

So at this point, unsettled law.

There’s a large gulf between doing something illegal, and having nothing to hide.

AFAIK, there is nothing illegal about gay porn, for example, and yet it isn’t difficult to imagine many, many scenarios where a guy might not want City Hall, or the cop who lives down the street, knowing that he views it.

And thanks to the aggressive policies of the record and movie industry, you might find yourself on the wrong end of a search warrant just for being on the same P2P network as people who pirate copyrighted material — possibly without your knowledge, if you opened the wrong email.

One very relevant tidbit I picked up from another legalistic thread: If you voluntarily allow or assist law enforcement access to or with something, you can’t claim improper search or 5th amendment privelege over what they find.

For example, if you open a safe for them (to avoid having it destroyed by the safecracker) while they’re searching your house under a search warrant, whatever they find in that safe is legal evidence, even if the original search warrant is later shown to be invalid. I imagine the same thing applies to a virtual safe (i.e. encrypted files).

Furthermore, it’s not an accepted fact that the 5th amendment applies to statements already made (before law enforcement even started investigating you) or to physical evidence.

Those 2 bits should alleviate a bit of the confusion and shock around this issue. We may think of our personal documents and files as extensions of our private mental space, but the law merely sees them as physical evidence.

That was a critical part of the border guard case - having allowed them to see the pictures once, the defendant could not refuse to produce them later; nor could he claim fifth amendment over something he had already voluntarily let them see.

They can’t “raid your home”. They can go to a judge, say “we know there is some evidence that may relate to a specific case that we have reason to believe is hidden in here”. Then they go to your house, and can search for whatever matches the list of items on the search warrant. If they are looking for “guns, bullets, and knives” or “bloody clothes” they cannot open some envelopes and read the contents - it’s obvious there are no bullets etc in there, there was no legal reason to look. If the evidence is in plaint sight (forgot to put away your stash) or if it is found while searching a logical place (Looked in bottom drawer, found drugs) then even though it is not on the warrant, it is admissible.

Unencrypting a file, revealing passwords - this requires you to give testimony - something specifically prohibited by the fifth amendment. Anything they find there is fair game. How do you prove that it was not you who downloaded some files, anyone in your office could have used your computer while you were in the meeting? Why invite trouble?

What idiot is going to raise a fuss when there’s nothing to hide? Everyone who thinks “this is none of your business”, which is most Americans.