Decrypted HDIn what may become a precedent setting digital rights ruling, Judge Robert Blackburn of the United States District Court of Colorado ruled that compelling an individual to provide access to the encrypted contents of a device does not violate the US Constitution’s prohibition of self incrimination.

The ruling came during the trial of Ramona Fricosu, who is accused of taking part in fraudulent real-estate transactions. While serving a search warrant of Fricosu’s home, investigators confiscated a laptop for which they had a warrant. Finding the contents of the drive encrypted, the authorities then requested that Fricosu enter the password or otherwise provide to the court the unencrypted contents of the computer. The Electronic Frontier Foundation argued that such a request constituted a breach of Fricosu’s Fifth Amendment rights, and submitted an Amicus Curaie on Fricosu’s behalf over the summer.

Yesterday Judge Blackburn, an appointee of George W. Bush, concluded that an individual’s protection from self incrimination under the Fifth Amendment isn’t violated by requiring production of the unencrypted contents of the laptop.

The Fifth Amendment, part of the Bill of Rights, states that “No person shall… be compelled in any criminal case to be a witness against himself…”

In explaining his rationale, Blackburn acknowledges the Supreme Court precedent that a defendant cannot be compelled to reveal the self-incriminating content of his or her mind, but concludes that that protection doesn’t extend to the contents of the hard-drive. In step with that reasoning, the government has offered Fricosu immunity from the use of any information revealed in the actual act of producing the unencrypted contents of the laptop, whether by revelation of a password or otherwise.

One prominent cyber law expert said the ruling isn’t unexpected.

“Doctrinally it’s not too surprising,” said Jonathan Zittrain of the Berkman Center for Internet and Society at Harvard University. “The fact that the person knows the password at all may not be usable against the person — i.e. using the knowledge of the password to tie the person to the hard drive. That probably would fall under 5th Amendment protection.”

In other words, even with the decrypted data in hand, the prosecution still needs evidence that they believe establishes Fricosu as the owner of the laptop even without the encryption key.

Fricosu has until February 21, 2012 to provide a copy of the hard drive or appeal.

You can read a copy of the indictment, courtesy of Wired, here.

Categories: Cryptography, Government

Comments (19)

  1. Anonymous
    1

    Another successful assault on the US Bill of Rights. Now the RIAA/MPAA can compel you to decrypt anything when looking for copyright infringement.

  2. Anonymous
    2

    And the right to remain silent does not apply either???  Nobody should be forced to divulge passwords.

  3. Anonymous
    4

    There was a Asian fellow who was know to the government to be involved in some very shady doings of espionage, entered the US through Customs and they seized his laptop which was “very heavily encrypted”. Yet old Uncle Sammy NSA types cracked it and convicted the guy, likely using a DNA computer, which is quite expensive, manpower intensive, thus not used except in extreme national security cases. This criminal case of Ramona certainly doesn’t warrant that expense, as the correction industry is just that, a industry designed to make a profit, so they are utilizing leverage, a person’s freedom, to extract the evidence. I guess future encryption methods are needed that write data on the drive in such a manner as to appear to be old traces of pictures, files, web pages etc., like what appears on nearly anyone’s non-scrubbed drive. Naturally the software doing the work needs to remove itself and it’s traces from the drive, perhaps the program code itself can reside on a easily destroyed key, like a easily scanned piece of paper which can be dissolved in the mouth in seconds upon a bum rush or a “please step over here sir” situation. Also new methods will have to be designed to obscure encrypted data on everyday objects. When you force the governments to have no clue where to look and require them to run expensive DNA computers on every possible pattern of anything in your possession from wallet photo’s to tie dyed t-shirts, there is no way they can “force” one to give up a password to something they are not sure of that contains anything (plausible denial-ability, “it’s just a shirt your honor”) and certainly can’t justify the expense. Of course the government has a partial solution, is to enable EFI in computers which is operating system like firmware level, enable spyware in there and leverage computer makers to provide access through a “update”, but they can’t spy on everyone at once and only online. Another thing they are doing is to phase out hard drives, which can be scrubbed (7x minimal), in exchange for Solid State Drives which cannot because of wear leveling. In fact Michigan Police were caught using Cellebrite machines that can read all iPhone contents in about a minute and a half, password and encryption too.

  4. Anonymous
    6

    To the poster with the large post above,

    I have not verfied this, but I do not think the 7 pass rule will apply to non-magnetic media like an SSD. One pass should be enough but this is just off the top of my head.

    Also, the process of hiding things to look like mundane scraps of data already exists. It’s called Steganography.

  5. Anonymous
    7

    Why would they go to such lengths and expenses to brute force crack encrypted data that poses a national security threat. A board, a rag and a caraffe of water costs hardly anything.

  6. Anonymous
    8

    Search Slashdot: Confidential data not safe on SSD
    Search theNewsPaper: Michigan: Police Search Cell Phones During Traffic Stops
    Search Slashdot: German Politician Demonstrates Extent of Cellphone Location Tracking
    And no, nothing to hide for the obvious reason that I know electronic items are rigged against me, I want others to know the dangers. It’s not like they include a warning sticker on the front of the shrink wrap “Warning! This device does not protect your privacy and can be used to identify you and your location. Everything and anything you say and do with this device can be used against you by law enforcement (corrupt or not), criminals, political enemies, spies, bigots, corrupt governments, overzealous prosecution, psychopaths, advertisers, marketers, profilers, estranged spouses, lawyers etc., and may result in your manipulation, imprisonment, banishment, extradition, serious bodily injury or even death”

  7. tkessler
    9

    This judge is completely wrong. A password is a product of the mind, and to be revealed would be the person speaking a word or words that would potentially incriminate him/herself.

    If the judge wants the data, its all right there in encrypted form, and he is welcome to brute-force attack it if he would like. Nobody is stopping him from doing what he can to get to the data’s meaning, but he cannot force the person to reveal a thought or any other non-physical means of getting to it. Ramona’s password is just how you make sense of the data–an interpretation tool, if you will, and not the data itself.

    In a similar manner, if the encriminating evidence were a document in an ancient language that only I know how to read (the meaning of which would require an ability of my mind being the key), I dont have to read it to the court at all. They have all the right to try interpreting it for themselves, but I have the absolute right to hush up and not say a thing. Its up to them to present whatever evidence they CAN to establish their case against me. If they cannot because they are not able to interpret the data, then too bad for them. I’m sure as heck not going to help them do it.

    This judge can go shove it…

  8. Anonymous
    10

    “A board, a rag and a carafe of water costs hardly anything.” And who knows the data wasn’t encrypted in such a way as be decoded differently depending upon which password was used? Or if the carrier really knows the password? If your using a encrypted hard drive you’ve already lost, it’s like giving up a location to buried treasure and then not saying how deep to go.

  9. Anonymous
    11

    It’s not like buried treasure if you’re someone like me.  I use encryption on pretty much everything as standard, even stuff which is backed up on remote servers unencrypted ;-)

    Authority hates not knowing the secrets in people’s lives, but what if the secrets on an encrypted HDD are benign and mundane and useless to an authority?

    Everyone should use encryption as standard, it would totally ruin most regimes >_>

  10. Anonymous
    12

    “Authority hates not knowing the secrets in people’s lives” Exactly, and they have the power to act upon their paranoia with laws and force of action. Better to show you have nothing to hide. If you do, have it in such a manner that no one would consider even looking, even if they did suspect everything and decided to try to decode everything possible, the resources involved would be overwhelming even for them. After all they can’t start digging for the treasure if they don’t know where to start.

  11. Anonymous
    13

    Legally no different than compelling a suspect to open the contents of a safe deposit box.

  12. Anonymous
    14

    A safe deposit box can be open withput the safe deposit box owners interaction, with a court order. But the 5th Amendment says “nor shall be compelled in any criminal case to be a witness against himself” and forcing a person to talk, even giving a passcode or password to a harddrive is IMHO, a violation of the 5th.

  13. Randy Grein
    15

    “A board, a rag and a caraffe of water costs hardly anything.” So, you want to substitute a possible rights violation (5th admendment) with a definite human rights violation (torture)?

     

  14. Anonymous
    16

    Plausable deniability is powerful.  Assuming this is a Windows computer, if she had properly used TrueCrypt with a hidden operating system then she could have happily decrypted the drive, including the second partition, and still never violated her own privacy and sovereignty.

  15. tkessler
    18

    She might or might not have something to hide, but thats besides the point. The evidence they claim they have is right there in front of them. The problem is they just don’t have the ability to read it and are trying to force this person to do it for them. In this land the burden of proof is on the prosecutor, and if he can’t understand or interpret what he has, then he has no evidence. The defendant handed over everything she posessed that they claimed was evidence, but their problem is they just cannot understand it.

  16. Gilbert Midonnet
    19

    <b>Better to show you have nothing to hide.</b>

    Better yet would be to declaw the police powers of the state; to try to limit the police powers to terrorism and crimes such as theft, rape and murder.  We should try to limit the police powers to as few activities as possible else we will most certainly live under a police state. That means legalizing activities that many find horrible (smoking marihuana, gambling, etc…) What is worse that your neighbors may be gambling or living under a police state?

    (Yes this is grossly over-simplified.)

     

Comments are closed.