Thursday, July 21, 2011

DOJ Wants To Force Citizens To Surrender Passwords

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption password.  The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

Because Fricosu has opposed the proposal, this could turn into a precedent-setting case.  No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to remain silent.

In a brief filed with the court, Fricosu's Colorado Springs-based attorney, Philip Dubois, said defendants can't be constitutionally obligated to help the government interpret their files. "If agents execute a search warrant and find, say, a diary handwritten in code, could the target be compelled to decode, i.e., decrypt, the diary?"

To the U.S. Justice Department, though, the requested court order represents a simple extension of prosecutors' long-standing ability to assemble information that could become evidence during a trial.  In their motion, DOJ claims that failure to compel disclosure of the encryption password would "serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible."

Much of the discussion has been about what analogy comes closest. Prosecutors tend to view encryption passwords as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that that such protection extends to the contents of a defendant's mind, so why shouldn't a passphrase be shielded as well?

The San Francisco-based Electronic Frontier Foundation argues that the Justice Department's request be rejected because of Fricosu's Fifth Amendment rights. The Fifth Amendment says that "no person...shall be compelled in any criminal case to be a witness against himself."


"Decrypting the data on the laptop can be, in and of itself, a testimonial act--revealing control over a computer and the files on it," said EFF Senior staff attorney Marcia Hofmann. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

No comments: