Federal Judge Rules You May Be Forced To Provide Decryption Password

In July, we wrote about an ongoing case wherein a woman accused of fraud was being asked by the prosecution to provide the password to access her computer’s data, which otherwise would remain encrypted and unreadable, weakening their case. They got permission to compel her to reveal the password, but the defense said that it was unconstitutional to do so, as providing that information was essentially self-incriminating testimony.

The defense and the prosecution disagree, there is no single compelling precedent, and even the Supreme Court, which has weighed in on a similar topic, isn’t quite sure what to make of the situation. So, doing what Judges are made to do, Judge Robert Blackburn made a decision: “the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer.”

His opinion, which is embedded at the end of the post, is not a poorly informed or foolish one (like some inevitably are in tech), though it isn’t very transparent. One earlier decision in a child pornography case, though the situations are not particularly analogous, is more lucid and describes its reasoning in more detail, something that may be important in a potentially major precedent-setting case.

The interpretation he gives, notably, eschews analogies (the battle has been over whether providing the password is an expressive act or more akin to simply handing over a key) and sticks to what he feels are the more relevant legal realities: the location and nature of the data is known by the prosecution, the owner of the data and the laptop have also been established, and whatever documents are discovered will be authenticated not by the defendant’s production of the password but by other means. To him, it seems, everyone is arguing over the wrong aspects of the case. It’s a practical decision, but because it is so practical (and specific to this case), it probably won’t live long as a serious precedent.

The question everybody is asking is not whether Ramona Fricosu will be convicted of fraud, but how access to data should be considered in a courtroom. It’s long, long past time when this should have been settled definitively.

But the debate over whether access is “more like” one thing or another, over which there are precedents already, doesn’t seem very forward-thinking. This doesn’t seem like an issue that’s going to be settled by this kind of decision, unfortunately, because as the debate shows, nothing is really an adequate comparator for something like a password to an encrypted drive. The parallels are only superficial, and building legal precedent on superficial similarities just because it’s easier for some people to grasp is no way to build the future.

Unsurprisingly, Fricosu’s lawyers are fighting the decision, asking for a stay of execution on the order so they can take it to the next level, the 10th Circuit Court of Appeals. No doubt the debate will go on for some time, but this case will certainly be considered one of the key documents.