X
Tech
Home Tech Hardware

How to hide files from the law

You encrypt your data to protect it from spying eyes, including the government's. Can you be forced to decrypt it and thus incriminate yourself? A US appeals court says NO. This may drive the full-disk-encryption market.
Written by Robin Harris, Contributor

Good news for TrueCrypt The 5th Amendment says, in part, that no person ". . . shall be compelled in any criminal case to be a witness against himself. . . ." Thanks to this decision our computers are not necessarily witnesses against us as well.

The story The defendant, a John Doe, was accused of possessing child pornography. He was ordered to produce the unencrypted contents of his notebook hard drive and an additional 5 external drives. Mr. Doe, representing himself, refused, citing the 5th.

The U.S. Attorney then requested limited immunity for Mr. Doe, which did NOT protect him from using the drive's contents against him in a criminal prosecution. Mr. Doe again refused to decrypt the drives he was found in contempt of court and jailed. He appealed.

Mr. Doe spent almost 8 months in jail before his appeal succeeded.

The data that isn't there A property of good encryption is that not only can you not tell what the data is, you also can't even know if data is encrypted. Using forensic tools all you can see is a lot of random gibberish, whether data is encrypted or not.

Thus the government couldn't even prove that there might be data on the disks, let alone what the data might be. Update: Mr. Doe used TrueCrypt, an open source encryption product, to preserve his secrets. End update.

What is "testimony"? The district court judge didn't think decrypting the drives would constitute "testimony" under the 5th. Why did the appeals court disagree?

To win protection under the 5th, an individual must show three things: compulsion, a testimonial communication or act, and incrimination. Obviously the court was using compulsion, and the government expected incrimination.

Thus the key question: does the act of producing decrypted content constitute "testimony?" After all, simply handing over incriminating documents, as required by discovery proceedings every day, is not "testimony." The files themselves, should they exist, aren't protected under the 5th.

Would Doe’s act of decryption and production be testimonial? This is where the reasoning becomes subtle.

The appeals court reasoned that an act becomes testimonial when it requires you to use the contents of your mind to communicate some statement of fact. Surrendering the key to your safe deposit box doesn't qualify. Nor does handing over documents that the government can show with "reasonable particularity" it already knows exist.

In Mr. Doe's case, the court held that the decryption would require the use of the contents of his mind and is not simply a physical act, like handing over a key to a safe. Furthermore, the fact that the government did not know - could not know - whether any files were on the hard drives, meant that they failed the "reasonable particularity" test too.

The court then noted that if Mr. Doe had been given full immunity they could have compelled him to produce all the contents of the drives. But since they didn't, the 5th Amendment offered him more protection and thus his use of it was justified.

The Storage Bits take If computer privacy is of special interest I recommend reading this well-written and closely reasoned opinion (pdf). While the "conservative" wing of the current Supreme Court happily throws out decades of precedent on ideological grounds - 2 1 Supreme doesn't think women are entitled to equal protection under the Constitution? - the 5th is Constitutional bedrock. Update: Only 1 originalist Supreme, Scalia, has so opined. My wetware conflated him with Thomas, another staunch originalist. End update.

It will be interesting to see if this is appealed to the Supreme Court and, if it is, if they accept the case. If not, we can expect this ruling to be a major influence on other circuit courts.

This ruling may be a shot in the arm for the struggling full-disk-encryption market. With FDE, people only have to remember not to open the drive for law-enforcement to view, and not to talk to others about what may be on the drive. Either of these actions can create a "foregone conclusion" that allows the government to compel decryption.

Note also that Mr. Doe - a lawyer I'm guessing - won, but only after 8 months in jail and the related loss of income. Defending our rights is rarely easy, which is why they erode.

Courteous comments welcome, of course. I'd be surprised if this applied to customs inspection of notebook computers. You'd be better off placing encrypted copies in the cloud, deleting the originals, and downloading after returning to the US. Oh, and nothing in this post should be construed as legal advice.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now