U.S. Court Extends Fifth Amendment to Encrypted Data

[Chanel Tompkins]

I like where it's going, but I don't want to hold my breath about it holding up in the Supreme Court, if a challenge gets taken that far. I mean, yeah there's a good chance for holding to the Constitution, but the Supreme Court's also full of people old enough to be scared of technology.

 

[evilneko]

I feel almost like.. breaking into song!

This was a triumph.
I'm making a note here:
HUGE SUCCESS.
It's hard to overstate my sa~tisfaction.

/Applauds the Court.

 

[Daemonate]

I like where it's going, but I don't want to hold my breath about it holding up in the Supreme Court, if a challenge gets taken that far. I mean, yeah there's a good chance for holding to the Constitution, but the Supreme Court's also full of people old enough to be scared of technology.

Sotomeyer you go Girl!

 

[Athinira]

Athinira, doesn't the finding in United States v. Fricosu contravert some of what you claim? Not that case specifically perhaps, but parts of the line of logic and precedent used to produce the finding?

For example: "...the defendant?s production was not necessary to authenticate the drive because he had already admitted possession of the computer..." http://www.wired.com/images_blogs/threatlevel/2012/01/decrypt.pdf

That's exactly right. The Fricosu Case and this case, which are both appeal court cases btw, are very very similar, yet the judgement was drastically different.

That's why i hope the Fricosu case will eventually find it's way to the Supreme Court, who i predict will rule the same as in this case: That unless the foregone conclusion applies, the 5th Amendment right protects Fricosus right to not incriminate herself by admitting control over the encrypted content.

It is possible that the court thought Fricosu's admittance to the possession of the computer might have been the deciding factor. It seems to me that the court ruled that admitting to possession of an encrypted computer is the equivalent of admitting control over the encrypted content. First of all, like mentioned, i would very much like to see that tried at the Supreme Court, but second (and also equally important), i doubt the ruling would have been the same if Fricosu had taken the 5th from the start, and not admitted to possessing anything at all.

Especially in this particular case, however, what would have been the court's response to a claim by Ms. Friscou that she could not remember, and/or had lost/destroyed the only written copy of, the password needed to decrypt?

Impossible to say without a ruling. I guess that would depend a lot on circumstances beyond what we know (for example how convincing Fricosu sounds to begin with. It's hard to judge without actually viewing the proceedings).

Perhaps I am reading it wrong, but then just admitting one possessed / owned a device at some point in time would be then halfway to determining foregone conclusion and the requirement of producing the contents? Surely this does not take into account accidental or malicious intrusion, misuse by another, content stored.

I have personal experience with this as I once knew of someone who received a disk from another person, supposedly blank, which turned out to have questionable content. They could not be sure where the content originated from, and the other party claimed no knowledge of the content (it was from a business machine several years old, which many people had access to), so they destroyed the disks.

If for example, they had instead failed to inspect the disks and yet blithely installed them in their computer, which they freely admitted ownership of, could they have been compelled to grant access to files that they did not know existed, that did not belong to them, and that they may have had no physical way to produce (if they required a password to view)?

...and your example is the EXACT reason i choose to support people like Fricosu, the EEF and the man in this ruling

My point is there is a test drugs , firearms, financial reports, you can run checks on bank statements financial records etc but there is no system for encryped data. if you had these items in a safe you would have to open it

No you wouldn't. You would have to hand over the keys (physical items), but if it was a combination safe, the court has ruled that police can't enforce you to reveal or use the combination, so they will have to break into the safe themselves.

That is, of course, unless it's a company being raided, because this part...

The likely outcome of this is a change to the way encryption is allowed and companies that provide encryption will have to provide keys to de crypt it under warrant to.

That was my point, the case was right but the law is currently wrong there is no system to acquire the information without violating the 5th amendment. But the 5th like the right to silence and burden of proof are there to make it fair. Not to provide immunity. and thats what will change.

...forces me to bring up a very important point: The 5th Amendment only protects individuals, not companies.

If a company has been raided and drives (with encrypted content) seized, then the court can compel people who they believe capable of opening the encrypted content (could for example be a secretary or the chief of security) to open it, since it's the company that's under scrutiny, not the persons. It's a vastly different situation from these cases.

Of course the ability to claim not having access still applies. Whether or not that's contempt for court would have to be decided on a case by case basis.

 

[Daemonate]

Thanks for your replies.

Getting a little bit off-topic, what if being compelled to open company computers for company crimes would lead to you incriminating yourself individually criminally?

 

[Athinira]

Thanks for your replies.

Getting a little bit off-topic, what if being compelled to open company computers for company crimes would lead to you incriminating yourself individually criminally?

My guess is that even though the court can compel the decryption of the content, you - being selected as the decrypter - can still get immunity against the prosecution using any content on the decrypted drive against you on the individual level. They can still prosecute you for any individual crimes you may or may not have done, they just can't use the decrypted drive as evidence during that particular prosecution.

However, if multiple people had access to the content on the drive, the prosecution is likely to get to select who they want to decrypt it, and are therefore likely to select someone with from the company with little relation to the actual crimes for the decryption (using 'witnesses' rather than 'defendants', since this leaves them less likely of violating the defendants rights).

I emphasize strongly that everything in this post is my own personal guess, since there is no precedence on this area.