EFF Makes Case That Fifth Amendment Protects Against Compelled Decryption

The Electronic Frontier Foundation, along with the American Civil Liberties Union, filed an amicus brief yesterday explaining the Fifth Amendment privilege against self-incrimination prohibits compelled decryption.

With new leaks about the extent of U.S. government surveillance coming almost daily, one constant remains among all the deterrents to the NSA’s prying eyes: encryption technology works. As far as we know, the math behind encryption is solid, despite the specter of some unnamed breakthrough made by the spy agency some years ago.

The Snowden documents don’t seem to substantiate this breakthrough as yet; any success the NSA has had in beating encryption may come from subverting NIST standards used to build the technology into products, or companies being legally forced or coerced into handing over the encryption key.

Tangentially, the government continues to try to make a case for the ability to force someone alleged to have committed a crime to decrypt their hard drives and turn over evidence. On a number of previous occasions, the courts have upheld Fifth Amendment protections against self-incrimination in such cases.

In a case starting on Monday in Massachusetts Supreme Judicial Court, an appeal of a previous decision against Leon Gelfgatt, 49, of Marblehead, Mass., an attorney, was indicted in a mortgage fraud scam in which he is alleged to have stolen more than $1.3 million. The government, in trying to make its case against Gelfgatt, tried to compel him to decrypt his hard drive. The judge in the case, however, denied the request saying that such an action would violate the Fifth Amendment.

Digital advocacy group the Electronic Frontier Foundation, along with the American Civil Liberties Union, filed an amicus brief yesterday explaining the Fifth Amendment privilege against self-incrimination prohibits compelled decryption. Hanni Fakhoury, staff attorney with the EFF, wrote in a blogpost that the Fifth Amendment protects an individual from unveiling the “contents of his mind” and that the government through this action would be learning new facts in the case beyond the encryption key.

“By forcing Gelfgatt to translate the encrypted data it cannot read into a readable format, it would be learning what the unencrypted data was (and whether any data existed),” Fakhoury wrote. “Plus, the government would learn perhaps the most crucial of facts: that Gelfgatt had access to and dominion and control of files on the devices.”

The government’s argument is that the decryption is akin to providing the combination to unlock a safe, rather than compelling the production of decrypted files.

“That assertion is incorrect,” the brief says. “Just as encrypting a drive encrypts each and every one of its files, decrypting the drive makes available copies of all of its files.” The contention is that because the data is transformed and scrambled, decryption is more than a key, safe combination or password, the brief said.

In February 2012, a federal appeals court determined that a Florida man’s rights were violated when he was jailed for refusing to decrypt his hard drive. The EFF said this was the first time an appellate court ruled the Fifth Amendment protects against compelled decryption.

The EFF’s Fakhoury told Threatpost that the government has in the past suggested that encryption is used only by criminals to cover their tracks, while failing to point out legitimate business—and personal reasons—to encrypt data such as protecting trade secrets or personal data.

“In the surveillance environment, the need for encryption is especially strong because it often seems that strong technology is our last refuge from the government’s prying eyes,” Fakhoury said. “We’ve seen in all the leaks the government’s effort to undermine web encryption and so we must make sure they can’t undermine the physical device encryption here.”

Suggested articles