AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Ruling on Fricosu: Much Ado About Nothing?

The ruling by US District Court Judge Robert in US v. Fricosu has attracted a lot of attention.  It was covered by various media outlets who, in my opinion, largely got it wrong (at least, if you're only reading the headlines).  I'm not a lawyer, but plenty of people who are have opined on the case in their blogs and elsewhere.  Opinions are divided, as they should be.  The case was a controversial one.

Based on what I've read, it looks like there may be less here than meets the eye.  That is, this case is not a precedent-setting case where the US government can get a copy of your encrypted data whenever it wishes to.  Nor is it correct to state that "decrypting a laptop doesn't count as self-incrimination."

Rather, as others have noted, it's a similar case to Boucher, where a court found that Fifth Amendment rights were not violated because of "foregone conclusion." 

Clearing Up Past Posts, Laying Down the Facts

I've covered the Fricosu case twice in the past, here and more recently here.  I had to go with what I could find on the internet, so some of the information on which I based my opinions was factually incorrect.

On reading the actual Judge's ruling, we get a clearer picture of what transpired.  Just laying out the facts:

  • Fricosu lived with her mother and her children (earlier stories alluded to roommates)
  • Six computers were seized when the search warrant was effected
  • Three computers were desktops, the other three were laptops.  Only one of them was encrypted with "PGP Desktop"
  • The encrypted computer was found in Fricosu's room
  • When booted, the computer displays the whole disk encryption screen, in which the machine is identified as RS.WORKGROUP.Ramona (earlier stories noted that there was no way to identify who the owner of the computer was)
  • A conversation was recorded between Fricosu and Scott Whatcott, her previous husband and partner in crime (and incarcerated at Four Mile Correctional Center at the time of the conversation)

The conversation runs as follows (my emphasis.  It's slightly long; my apologies):

Ramona: Oh so anyway, earlier we were talking about that lawyer thing
Scott:  Yes
Ramona:  So um, in a way I want them to find it
Scott:  OK
Ramona:  in a way I don’t just for the hell of it
Scott:  OK
. . . .
Ramona:  Ookay (pause) uhm in a way I want them to find it
Scott:  Mm-hmm
Ramona:  and uhm because they will have to ask for my help uhm and in another way I don’t want them to find it let them let them work for it
Scott:  Right
Ramona: you know what I mean
Scott: right (pause) yeah, if it’s there, they, they will find it
Ramona: uhm, can they get past what they need to get past to get to it
Scott: they will listen first
Ramona: it will shut off
Scott: (pause) what
Ramona: it was on my laptop
Scott: oh yeah
Ramona:  yeah
Scott: OK
Ramona:  I don’t know if they can get to it
Scott: it was on your laptop
Ramona: yes
Scott:  OK (pause) and did you have any something like anything on your computer to protect it or something
Ramona: yeah
Scott:  OK then I don’t know.
Ramona:  I mean, I think I did
Scott:  OK
Ramona: Ya know I haven’t
Scott: (SC [simultaneous conversation]) oh yeah that’s right it was on your laptop wasn’t it
Ramona:  I think so but I’m not sure
Scott: OK
Ramona: yeah cause they kept asking me for passwords and I said, ya know no I just didn’t answer them
Scott: right (SC).  Because when you went there you took your laptop
Ramona: yeah I think so I think I did
Scott: and so (SC) it would been on there
Ramona: yeah
Scott:  OK
Ramona: and my lawyer said I’m not obligated by law to give them any passwords or anything they need to figure things out for themselves

While there is nothing conclusive in the conversation, it's quite obvious that there is something of an incriminating nature in one of the laptops, based on the facts that I've listed above.  Not just any laptop, though; one that requires a password for access.  Which has also been identified as Ramona's, per the name on the computer.

Is It a Foregone Conclusion?

Earlier this month, I noted that a defendant had to cough up his encrypted hard disk's data in another case involving a cryptographically protected laptop.  To summarize the case, a man, Mr. Boucher, had given a US Border guard access to his computer, on which child pornography was present.  The man was detained for this.  When the government booted up the computer again, after the arrest, full disk encryption stopped them from accessing the evidence.

The court ruled that an unencrypted copy of the disk's contents had to be made available by the defendant because the government already knew that the evidence was in the laptop.  Producing this evidence was not in violation of the Fifth Amendment because of the foregone conclusion doctrine.  That is, producing the evidence is not self-incrimination because the government already knows about it: where it is, what it looks like, etc.

The question is, does the foregone conclusion doctrine apply in the Fricosu case?  According to the judge, yes it does.  Based on the evidence and the taped conversation, it's not far-fetched to say that the government knows of the existence of evidence; that it's on Ramona's computer; and that a password is required to access it.

Of course, the situation is not as clear-cut as the Boucher case because no government official has actually seen it on the computer, nor do they know, based on the conversation, what type of evidence it is (images, spreadsheets, a word processing document, etc).

There is also the question whether Ramona's computer is, in fact, Ramona's.  Sure, it's labeled as such, but this wouldn't be the first time a computer is set up one way and passes its ownership unchanged.  On the other hand, I'm led to believe that there was only one computer that was protected with a password, meaning that Ramona's computer could be easily identified: just look for the one that demands a password.

So, to summarize, there's a computer in Ramona's room, named Ramona, which is the only one that requires a password to access, and, according to a taped conversation, there's certainly a computer that belongs to Ramona which requires a password.

I don't know.  I'm inclined to think that the encrypted laptop is Ramona's.

What I Didn't Know About the Fifth Amendment

Amidst all the articles, comments, and opinions, some have been especially helpful in understanding the situation.

One of the commentators at the site volokh.com gives this helpful explanation:

The 5th amendment is a protection against compelled testimony incriminating oneself. However, you don't have a right to refuse to turn over incriminating evidence — such as documents, video or records of any type.

The issue in the instant case is the defendant was arguing that divulging the password would show that the defendant had ownership/control over the computer — that, not the information that was already contained on the hard drive, is the testimonial aspect. The court simply found that the Feds already knew and could prove that the defendant had ownership/control over the computer and therefore there was no 5th amendment privilege that attached. The contents of the drive may incriminate the defendant more but those contents are not testimonial in nature — only the act of divulging the password is testimonial and the defendant's ownership of the computer has already been established so she is not going to be further incriminated by giving up the password. [volokh.com, disintelligentsia]

The definition of testimony, under the law, according to Wikipedia:

In the law, testimony is a form of evidence that is obtained from a witness who makes a solemn statement or declaration of fact. Testimony may be oral or written, and it is usually made by oath or affirmation under penalty of perjury. Unless a witness is testifying as an expert witness, testimony in the form of opinions or inferences is generally limited to those opinions or inferences that are rationally based on the perceptions of the witness and are helpful to a clear understanding of the witness' testimony.

What the government is seeking is not testimony.

Also from volokh.com:

I think some folks are hung up on the "foregone conclusion" notion.

If the police have a warrant to search the defendant's office for documentary evidence of a criminal fraud and find a locked file cabinet, the warrant reaches the contents of that cabinet. Issues about: (1) "expectation of privacy" in a locked cabinet; or (2) "proof" of what the government believes is in the cabinet are now irrelevant issues. Whatever may be inside is reachable by the police because they already satisfied the Fourth Amendment and got a warrant. This is true even if the cabinet contains evidence of a wholly separate crime, like possession of child pornography.

It has long been the rule that a defendant does not "testify", against him/herself by handing over the key to the cabinet, nor by telling the police where the key is. This is true UNLESS the identity of the owner of the cabinet is in doubt. That's why police questioning resulting in, "here's the key to my cellar door" does not raise Fifth Amendment concerns, while "give us the key to the door behind which the loot is stashed" does. [volokh.com, FmrADA]

Based on what I've covered so far, I'd say that the judge's decision was, strangely enough, pretty straightforward.  I say strangely enough because, if it's so straightforward, why all the controversy?  Especially among those who don't appear to be flame-baiting trolls?

Fricosu - Questions Remain

If you go to the volokh.com site (link below), you'll see a very spirited discussion of why.  Some pertinent questions:

  • Can you say that plain text data "exists" when it's encrypted?
  • What if you actually don't remember the password?
  • What if the information is doubly encrypted?
  • Is encryption like a digital safe or something else completely?
  • And others

As far as I can tell, the controversy can be summarized like this: let's say that you have a paper document, encrypted by hand, inside a locked safe.  The court orders you to produce the contents of the safe.  Do you only produce the key to the safe?  Or do you also have to decrypt the document?

If disintelligentsia and FmrADA's comments are correct, the document has to be produced in its decrypted form, if the government knows (or can prove that it knows) that the document is incriminating evidence -- even if the government doesn't know what the document's contents are, exactly.  The fact that the document is encrypted is immaterial, since the government knows that its contents are incriminating evidence.  And, producing it is legal because it's not testimony.

On the other hand, if the encryption key exists in the defendant's mind (it's not written down somewhere), then that is testimony.  Does forcing a person to provide not the encryption key but only the decrypted contents offer a way to legally gain access to the document's contents?  It looks like we'll have to wait for a decision from the higher courts.

There are, of course, other approaches listed to explain why the Fricosu decision is wrong...and why it's right.

If I've learned one thing that's unequivocally certain from this case, it's that this case definitely does not claim that decrypting a laptop or giving your password out is not a violation of the Fifth Amendment.  If anything, it appears that every care and effort has been made to ensure that such a claim cannot be made.  The correct headlines should have been "decrypting a laptop or giving your password out is not a violation of the Fifth Amendment...under certain conditions that have applied for decades."


Related Articles and Sites:
http://volokh.com/2012/01/24/encrytion-and-the-fifth-amendment-right-against-self-incrimination/
http://www.wired.com/images_blogs/threatlevel/2012/01/decrypt.pdf
http://technolog.msnbc.msn.com/_news/2012/01/23/10219384-judge-orders-woman-to-give-up-password-to-hard-drive
http://www.wired.com/threatlevel/2012/01/judge-orders-laptop-decryption/
http://www.theverge.com/2012/1/23/2728721/laptop-password-encryption-not-protected-under-fifth-amendment-us-federal-judge-ruling

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.