A court case in Colorado hinges on the ability of the prosecution to gain access to information on the defendant’s laptop. That data is encrypted and only accessible to the owner. Unsurprisingly, they asked the judge in the case to force the defendant to unlock the files. He sent the message up the ladder and they approved the request. But the defense claims that providing the password would be tantamount to self-incrimination, and forcing such an action would be unconstitutional.
It’s a conflict that’s been raging for some time in various forms and jurisdictions, but with support from on high, the EFF as co-pilot, and the 5th amendment in play, this case could go all the way to the top. Repercussions would be fairly fundamental to the way computer security works.
The details of the case itself are not entirely irrelevant: the defendant, Ramona Fricosu, is accused of various fraudulent activities amounting to a real estate scam relating to foreclosed homes. Part of the alleged crime is falsifying court documents, and evidence of this is supposed to be on the laptop. It’s easy to imagine other crimes, perhaps among the highly visible hacker community, that would be almost entirely isolated on a particular computer.
The conflict comes, as most do, from a simple difference in perspective. The prosecution asserts, reasonably enough, that an encrypted computer is legally akin to a locked desk or safe. With a warrant they can find the key, force the lock, or find means to convince the judge to force the owner to unlock it. But when the key is in one’s mind? The defense refused the judge’s request on the basis (also reasonable) that it was forcing the defendant to be a witness against herself. In the EFF’s words (in a brief filed last week), it “puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court.”
Unsurprisingly, neither side is willing to give. The prosecution rightly says that a precedent allowing people to simply decline to provide a password amounts to making digital evidence totally useless. After all, encryption is increasingly becoming the standard, and if a criminal is sure he will never have to give up a password, he can store illegal documents and goods with impunity as long as they are encrypted. A grave development indeed. One man has been compelled to produce a password for encrypting the data, but that may have fallen under the “foregone conclusion” argument, since a government agent testified to having seen the illegal documents (in that case, child pornography) before they were encrypted.
But the defense, and the EFF, say that not only would providing a password be testimonial in nature to begin with, but that precedent is in fact on their side. The Supreme Court has said that a witness could be compelled to produce a key to a locked door or container, since it implies nothing but possession of the key. The same couldn’t be said (they continued) for the combination for a locked safe, since that implies ownership and control.
So this difference in perspective has created a conflict that may have serious consequences as regards personal encryption of data. Privacy and free speech are peripherally involved here, as the ability to have a document or volume totally protected against intrusion is determined to be either a right or a privilege.
Here is yet another moment where searching among precedents is unlikely to produce a satisfactory conclusion. While a combination safe may be an adequate analogue (so to speak) for an encrypted digital drive, it doesn’t cover all the nuances, and in cases where precedent is being set, the nuances tend to be of enormous importance.
The case notes for United States v. Fricosu don’t appear to be available online, but new rulings should be forthcoming, and we’ll update as needed.