Self-Incrimination vs. File-Encryption: Finding a Workaround for the Fifth Amendment

    February 3rd, 2012

    by Rory Montez

    Milford Sound in New ZealandLast week a U.S. District Court judge ruled that a defendant in a criminal case must produce the unencrypted contents of her currently encrypted laptop. This week we will discuss both sides of the ruling, the potential ramifications of the ruling and why the Electronic Frontier Foundation felt it was necessary to file a brief supporting the defendant back in July 2011.

    The Electronic Frontier Foundation weighs in on Encryption, Fifth Amendment rights

    The Electronic Frontier Foundation (EFF) is a non-profit organization advocating consumers’ digital rights and challenging potential legislation that could infringe on personal liberties or fair usage (such as the Stop Online Piracy Act or the Protect IP Act). The EFF has long been the bane of major copyright holders like Sony and Viacom, as well as trade representatives, such as the Recording Industry Association of America (RIAA), and the Motion Picture Association of America (MPAA).

    On July 8, 2011, the EFF filed an amicus brief (EFF Amicus) supporting a Defendant, Ramona Fricosu, in her opposition to the government’s demand she enter a password into her laptop or otherwise provide the government with unencrypted access to the encrypted data stored on her laptop.

    “EFF’s interest in this case is the sound and principled application of the Fifth Amendment to encryption passwords and encrypted information stored on computers…EFF submits this brief to help the Court apply the Fifth Amendment privilege against self-incrimination in a manner that ensures the constitutional rights of those who use this technological measure to protect their privacy and security.”

    The EFF’s main argument is that the government is overreaching in its demand to have Ms. Fricosu turn over her password (or produce an unencrypted drive) by failing to recognize that her compliance with the government’s request is essentially a testimonialact. Under the Act of Production doctrine, known for its application in United States v. Hubbell (Hubbell I), the U.S. Supreme Court held that a person can invoke their Fifth Amendment rights against the production of documents only where the very act of producing the documents has a testimonial aspect and is incriminating in itself.

    The EFF’s brief ends with the following conclusion:

    The government is overreaching to try to compel Fricosu to supply an encryption password that they hope will give them access to the full contents of a laptop. The Court should decide this important constitutional question in a way that recognizes the substantial benefits of encryption to safeguard the security and privacy of digital information stored on computers. New technologies present new challenges for law enforcement, but this reality does not justify the abandonment of well-established constitutional protections that secure individuals’ rights. Decrypting data is an act with testimonial aspects that are protected by the Fifth Amendment. The government cannot identify the evidence it hopes to find with any specificity, and it has not offered Fricosu immunity coextensive with her Fifth Amendment privilege against self-incrimination. For all the reasons discussed above, the government’s application should be denied.

    Is the EFF’s argument valid? Let’s look at both sides of the decision.

    Arguments in favor of the Ruling

    A Foregone Conclusion
    In United States v. Hubbell (Hubbell I), the defendant, Webster Hubbell invoked his Fifth Amendment privilege against self-incrimination while appearing before a Grand Jury. The government then subpoenaed the Defendant, ordering him to produce eleven categories of documents. After being granted immunity for this production, the Defendant complied and produced over 13,000 documents. The contents of the produced documents as well as the Defendant’s responses to a series of questions (which indicated that the documents had been in his custody) led to a second prosecution against Hubbell (Hubbell II). The Prosecution argued that because the government’s possession of the documents resulted from the simple physical act of Hubbell’s production of those documents, the Defendant’s immunity should not prevent the Prosecution from making consequential use of the documents. The Supreme Court ruled in favor of Hubbell, stating that if a Defendant produces documents pursuant to a grant of immunity, the government may not use those documents to prepare criminal charges against the Defendant. The Supreme Court’s ruling also held that because the government could not independently prove the existence or the whereabouts of the documents produced in response to the subpoena (i.e. without the help of the defendant), the Court rejected the Prosecution’s argument that the papers’ existence and location were a foregone conclusion.

    Ms. Fricosu’s case differs in one key way from United States v. Hubbell. In his decision ordering Ms. Fricosu to produce an unencrypted copy of the contents of her laptop, U.S. District Judge Robert E. Blackburn focused on the fact that the government was already aware that one of Ms. Fricosu’s laptops was encrypted prior to her testimony, and did not learn of the encrypted data as a result of her testimony. Instead, the government learned of the encrypted data via a recorded telephone conversation between Ms. Fricosu and her ex-husband Scott Whatcott while Fricosu was incarcerated.

    The following excerpt is taken from “Order Granting Application under the All Writs
    Act requiring defendant Fricosu to assist in the execution of previously issued Search Warrants,” filed on January 23, 2012 (Order):

    The day following the execution of the search warrant [May 15, 2010], Mr. Whatcott called Ms. Fricosu from the Four Mile Correctional Center. Their conversation was recorded. During that call, the following relevant exchange occurred:

    Ramona: Oh so anyway, earlier we were talking about that lawyer thing
    Scott: Yes
    Ramona: So um, in a way I want them to find it
    Scott: OK
    Ramona: in a way I don’t just for the hell of it
    Scott: OK
    . . . .
    Ramona: Ookay (pause) uhm in a way I want them to find it
    Scott: Mm-hmm
    Ramona: and uhm because they will have to ask for my help uhm and in another way I don’t want them to find it let them let them work for it
    Scott: Right
    Ramona: you know what I mean
    Scott: right (pause) yeah, if it’s there, they, they will find it
    Ramona: uhm, can they get past what they need to get past to get to it
    Scott: they will listen first
    Ramona: it will shut off
    Scott: (pause) what
    Ramona: it was on my laptop
    Scott: oh yeah
    Ramona: yeah
    Scott: OK
    Ramona: I don’t know if they can get to it
    Scott: it was on your laptop
    Ramona: yes
    Scott: OK (pause) and did you have any something like anything on your computer to protect it or something
    Ramona: yeah
    Scott: OK then I don’t know.
    Ramona: I mean, I think I did
    Scott: OK
    Ramona: Ya know I haven’t
    Scott: (SC [simultaneous conversation]) oh yeah that’s right
    it was on your laptop wasn’t it?
    Ramona: I think so but I’m not sure
    Scott: OK
    Ramona: yeah cause they kept asking me for passwords and I said, ya know no I just didn’t answer them
    Scott: right (SC). Because when you went there you took your laptop
    Ramona: yeah I think so I think I did
    Scott: and so (SC) it would been on there
    Ramona: yeah
    Scott: OK
    Ramona: and my lawyer said I’m not obligated by law to give them any passwords or anything they need to figure things out for themselves

    During this conversation, which the defendant knew would be recorded, she mentioned the fact that her laptop was encrypted, and that the government would need to “figure things out for themselves”.

    In his closing statement, Blackburn wrote, “The uncontroverted evidence demonstrates that Ms. Fricosu acknowledged to Whatcott during their recorded phone conversation that she owned or had such a laptop computer, the contents of which were only accessible by entry of a password.”

    Ms. Fricosu and Mr. Whatcott’s conversation serves as the government’s independent proof of the existence and the whereabouts of the encrypted data, and thus demonstrates that the existence and location of the evidence is a foregone conclusion. As Blackburn states, “There is little question here but that the government knows of the existence and location of the computer’s files. The fact that it does not know the specific content of any specific documents is not a barrier to production.”

    Production of Self-Incriminating Evidence is Routine
    Let’s put the Fifth Amendment aside for a moment and look at another aspect of the criminal justice system: How is producing a password any different than producing a blood sample?

    U.S. courts routinely order defendants to produce evidence that is highly self-incriminating: blood, semen, hair and handwriting samples can all be used to prove a defendant’s involvement in a crime. Why would a guilty defendant ever agree to turn over a blood sample that he knows will be the lynchpin in the Prosecution’s case against him?

    Because U.S. courts have found the Fifth Amendment only protects evidence of a testimonial nature, or “the contents of one’s mind,” (Boucher) DNA, semen, and handwriting samples are not classified by U.S. court as being of a testimonial nature. Therefore, the Fifth Amendment provides no protection for these types of evidence.

    Arguments against the Ruling

    The Life of the Mind
    This leads us back to the question of whether providing a password can be classified as a compelled testimonial act. Does a password fall within the contents of one’s mind? Is there a distinction between a password that is maintained solely in one’s mind versus a password that has been physically written on a piece of paper and locked in a safe?

    In the EFF’s brief, they write “The Supreme Court has explained that a witness might be ‘forced to surrender a key to a strongbox containing incriminating documents,’ but not ‘compelled to reveal the combination to a wall safe’… Forcing an individual to supply a password necessary to unlock encrypted data is more like revealing the combination to a wall safe than to surrender a key: the witness is being compelled to disclose information that exists in her mind, not to hand over a physical item.”

    This specific argument may have led the prosecution and Judge Blackburn to modify the Court’s order; instead of requesting the defendant enter her password into the laptop, the language in the order now reads that Ms. Fricosu must “provide an unencrypted copy of the hard drive” from her Toshiba laptop. This still essentially forces Ms. Fricosu to produce her password, as she will need to enter the password into the laptop before the unencrypted contents can be reviewed or copied. This simple rephrasing of the order removes the teeth of the EFF’s entire argument.

    Apples vs. Apples
    How is a password different from a passcode combination? Judge Blackburn’s ruling in the Fricosu case is somewhat at odds with a previous ruling by the U.S. Supreme court that hinged on the compelled execution of a document. In Doe v. U.S. (Doe), the Supreme Court ruled that a previous order compelling a petitioner to sign a directive did not violate his Fifth Amendment right against self-incrimination. However, in the sole dissenting opinion, Justice John Paul Stevens wrote, “A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the Prosecution in convicting him of a crime? I think not. He may, in some cases, be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe – by word or deed”.

    A password is a string of alphanumeric characters used for authentication to gain access to a resource, such as a computer. A passcode (or combination lock code) is essentially the same thing: a string of characters (generally numerical) that is used for authentication to gain access to a resource, whether a locked safe, a door, or an ATM. The fact that the Court treats one of these terms with more reverence than the other shows a need for change; the Court’s view of technology is outdated.

    Potential Ramifications

    Whether you agree with the Court’s ruling or not, this case will have widespread ramifications as technology continues to evolve at lightning speed.

    Further Erosion of the Fifth Amendment
    Most Americans are already of the opinion that the Fifth Amendment is a mirage; if the government wants Defendants to incriminate themselves, theywill find a way to compel their cooperation. The Fifth Amendment privilege continues to narrow as clever Prosecutors and Judges find new ways to reinterpret, subvert and bend existing case law to fit the needs of any given case. This is not to say that the bad guys deserve to win; if the Judge had ruled that the Defendant cannot be compelled to provide a password or unencrypted version of an encrypted hard drive, criminals would likely take this as the green-light to use the encryption issue as a rote criminal defense. The answer is somewhere in the middle; time is necessary to allow the courts to see the impact of their ruling and how it is applied in future cases. In addition, the development of new encryption and decryption technology may render this an esoteric ruling in a manner of months.

    The Cat-and-Mouse Game
    The Fricosu ruling will likely lead to more criminal defendants being ordered to turn over unencrypted copies of their hard drives, should the government feel that evidence is located within encrypted drives. But what if the encrypted hard drive contains hidden volumes? Encryption software already exists which allows a user to create a hidden volume within an encrypted volume. Thus, even if a Defendant was ordered to produce a password or an unencrypted copy of a hard drive, the Prosecution may still not” find” the evidence because they don’t know that any hidden volumes exist on such an encrypted drive. As an example, imagine the police execute a search warrant of your home. They search every room, including the attic, but do not find the evidence they seek because the evidence is stashed in a hidden compartment below the kitchen floor. The warrant allowed law enforcement to search the whole house; is it your fault that the police didn’t search long or hard enough to find the evidence in the hidden compartment? Now apply this same analogy to an encrypted hard drive with a secondary, hidden volume within. Unless a defendant admits that such a hidden volume exists, forensic examiners reviewing a formerly-encrypted hard drive may never know that they missed finding a key piece of evidence that was within their grasps.

    In closing, technology continues to advance faster than legislation and jurisprudence. This gap will lead to collateral damage: Defendants’ rights will be violated, the courts will continue to overreach, and criminals will try to stay one step ahead of law enforcement.

    The following text is taken from TrueCrypt’s website (TrueCrypt). TrueCrpyt is free, open-source encryption software. Their software offers the ability to create secondary hidden encrypted volumes within encrypted files. Why? So that if you are compelled to produce your password and unencrypt your drive, the actual sensitive data that you were trying to hide will still remain, ostensibly, undetectable and hidden. The feature alone demonstrates that this issue is far from over, and the Courts have their work cut out for them:

    It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

    The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created and no part of the (dismounted) hidden volume can be distinguished from the actual random data. Note that TrueCrypt doesnotmodify the file system (information about free space, etc.) within the outer volume in any way.

    About the Author

    The author, Rory Montez, B.A., is a Senior Forensic Research Analyst and Corporate Investigator with Diversified Risk Management, Inc, specializing in workplace investigations and complex research matters. He received a Bachelor of Arts Degree in Comparative Literature from California State University Long Beach. Mr. Montez can be reached at +800.810.9508 or montez@drminc.us