A Colorado District Court Ruling to force the suspect in a fraud case to surrender the encryption key to her laptop was deemed unnecessary after federal authorities managed to circumvent the device’s encryption, Ars Technica reports.
The development effectively ends what has been a controversial and closely-watched court case in the security community after the defendant, Ramona Fricosu, attempted to invoke her Fifth Amendment protection against self incrimination when the U.S. District Court of Colorado compelled her to decrypt her laptop.
Judge Robert E. Blackburn decided that that providing an encryption pass was not in violation of the Constitution’s prohibition on self-incrimination. Fricosu’s petition for appeal was denied and Blackburn ordered that she provide them with the unencrypted contents of the laptop by the end of the month.
As Threatpost reported, the case was embraced by privacy and civil rights groups as an important test of how the Courts would apply Constitutional protections to an individual’s digital “property.”
The Electronic Frontier Foundation appealed to the U.S. District Court of Colorado arguing that forcing someone to decrypt personal data was tantamount to forcing them to confess – a violation of the U.S. Constitution’s Fifth Amendment’s protection against self incrimination.
Colorado authorities had recently served a search warrant of Fricosu’s home and seized an encrypted laptop, which they believe contained critical evidence. Whether or not the laptop contains evidence of criminal activity remains unknown.
“They must have used or found successful one of the passwords the co-defendant provided them,” Fricosu’s attorney, Philip Dubois, told Ars on Wednesday.
In another recent case involving a man accused of possessing child pornography, the 11th District Court of Appeals ruled that the act of providing an encryption password is protected by the fifth amendment if the prosecution has no way of independently verifying the contents of an encrypted device or hard-drive.
In both cases, had the suspects been compelled to decrypt the content on their devices, the court would not have been allowed to use the defendant’s knowledge of the encryption keys to prove they owned or were otherwise responsible for the devices in question.