in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

US Fifth Amendment Rights: Suspect Cannot Be Compelled To Surrender Encryption Password

The United States' Fifth Amendment and encryption software like AlertBoot have a complicated relationship.  The question is: can the government force you to reveal your encrypted data?  The answer: it's complicated and depends on the situation.

However, it looks like things are beginning to converge towards certain key ideas.  While nothing will be definitive until the issue is addressed at the highest courts in the nation (and not for lack of trying), a handful of cases are allowing one to converge upon when forcing a suspect to give up a password or to provide decrypted data would be a violation of a person's Fifth Amendment rights (and when it isn't).

In Re The Decryption of a Seized Data Storage System, 13-M-449 (E.D. Wis. 2013)

In re The Decryption of a Seized Data Storage System, the latest "encryption vs. the Fifth Amendment" case I've come across, a man is accused of storing child pornography in several encrypted computer hard drives.  The FBI, after unsuccessfully trying to gain access to these disks for four months, attempts to coerce the suspect to decrypt the disks.  The suspect refuses to do so, pointing it would be a violation of his Fifth Amendment rights.

So far, this is no different from the handful of past cases that dealt with the same issue: the John Doe case from 2012; the Fricosu case from 2011; and the Boucher case from 2009. (Incidentally, including Seized Data Storage System, three out of the four cases involve child pornography; however, this law is important for all sorts of reasons).

Seized Data Storage System a different from the others because the judge in charge ruled that coercing the suspect into decrypting the data is a violation of his rights.  Of the three previous cases I've quoted above, the John Doe case resulted in a win for the suspect, whereas the Boucher and Fricosu cases resulted in the courts ordering the suspects to provide decrypted data.

Despite the different outcomes, it's now clear that the three cases were following established procedures and legal precedents.  This fourth is just another data point that shows what's what.

Data Encryption Software, US Fifth Amendment, Foregone Conclusion, and Act of Production

While going over the Fricosu case a couple of years ago, I happened upon some material that explained how the government could legally coerce a defendant to produce evidence against himself without trampling on his rights.

Now, I'm not a lawyer, but basically, it's revolves around the doctrines of "foregone conclusion" and the "act of production."  For example, forcing a suspect to produce evidence is not against one's rights if the government already knows about the evidence.  The suspects may refuse to do so, but then they're in contempt of the court that made the order.

In the case of Seized Data Storage System, the judge concluded that the act of providing a password, either directly or indirectly, would work against the suspect.  It would give them information that the government has no other way of confirming whether it exists.  Hence, the Fifth Amendment rights kick in.

(More specifically, the judge called it a "close call".  If you go over the Fricosu case, you might get an idea why: as far as I know, it was never admitted by the defendants that they held data in their laptop.  A tape recording, however, revealed that the defendants had some kind of data that they wanted to keep away from the government's lawyers).

All of this is still in line with the courts' rulings over the past five years.  Unless something dramatic happens, it looks like the courts are basically in cruise control mode.

Related Articles and Sites:
http://www.wired.com/threatlevel/2013/04/encrypt-your-data/
http://arstechnica.com/tech-policy/2013/04/fifth-amendment-shields-child-porn-suspect-from-decrypting-hard-drives/
 
<Previous Next>

Canada Data Breaches: 3,000+ Cases Over 10 Years, Affects 725K

Data Backup Encryption: Kmart (Inadvertently) Suffers Data Breach At Gun Point

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.