
EFF: forced disclosure of encryption password violates 5th Amendment - there
https://www.eff.org/press/archives/2011/07/08
======
boredguy8
The only way the password itself can be self-incrimination is if it's
something along the lines of "fraudrealestateisfun". The government said,
"Fine, don't tell us the content of the password: enter the password so that
we can access the contents of what's behind it."

People's arguments that you have an expectation of privacy are irrelevant: you
have a genuine expectation of privacy in your home. If the state shows there's
a compelling interest to enter your home (i.e. obtains a warrant), you can't
stop them. Similarly, you can't stop them from decrypting your data. Well, you
can, but you're going to suffer as a result.

Similarly, you don't have to show your hiding places. Suppose you had an
encrypted folder structure and one of the folders was hidden to someone who
doesn't understand how to see hidden folders. You don't _have_ to say "there's
a hidden folder", just like you don't _have_ to say, "There's a false floor."
Encryption isn't a 'hiding place': they've found the data.

Encryption is a locked door. The state wants to know what's behind it. Opening
your front door to the police holding a warrant isn't self-incrimination (i.e.
it in no way points to your guilt or innocence). Similarly, entering the
password to your encrypted drive isn't self-incrimination _if_ the state has
proved you're the sole possessor of the device.

Although the only way the password content can be incriminating is via the
language of the password, the fact that a password works on a particular
machine may be incriminating. This is the only line of argument that could
work, for what it's worth, and none of these 'privacy' lines of argument.
"Your honor, the state has no compelling basis for thinking my client had
possession or knowledge of the drive in question. Compelling my client to
enter a password on the chance it could unlock the files would prove that they
did have possession or knowledge of the drive." &c. But once the state can
show it's your encrypted data, it's game over. Fortunately, it's this
"foregone conclusion" line of argument that the EFF actually pursues, and not
the 'Privacy' line that seems to be popular in these replies.

~~~
ldar15
Detailed. But wrong. Although courts and DAs have tried to argue that a
password is like a physical key, or tried to give you immunity for speaking
the key, higher courts (e.g. the 5th circuit of appeals) regard giving the
password as testimony - and therefore protected by the 5th.

Although passwords are new, combination locks are not. There is a lot of case
law on this.

<http://www.google.com/search?q=5th+amendment+combination+password>

"In distinguishing testimonial from non-testimonial acts, the Supreme Court
has compared revealing the combination to a wall safe to surrendering the key
to a strongbox. The combination conveys the contents of one's mind; the key
does not and is therefore not testimonial. A password, like a combination, is
in the suspect's mind, and is therefore testimonial and beyond the reach of
the grand jury subpoena."

Edit: Why it matters in this case: FTA "the government seized an encrypted
laptop from the home she shares with her family"

The government cannot prove that the laptop is hers. If she provides a
password, _and it works_ she has proven that the laptop is hers, and further
that the contents are under her control. Therefore the act of providing the
password would be testimony.

~~~
Confusion
This is interesting. In all discussions on this subject, the comparison to
physical keys comes up and the trivial conclusion is that passwords are not
protected under the 5th amendment. If combinations to wall safes _are_
protected by the 5th, I'd say the situation is clear cut: a password is
_exactly like_ the combination to a safe. You'd have to give up physical
tokens required to login/boot a device, but not the subsequent password.

This interpretation is strengthened vastly by the fact that the EFF is arguing
this case. They are not known for attempting to argue futile points.

~~~
narag
_a password is exactly like the combination to a safe_

I disagree. A safe is a physical object that contains other physical objects.
It can be forcefully opened.

OK, maybe there are some very sophisticated safes that would act _exactly_
like a password, not allowing to extract the objects inside without damaging
them beyond recognition.

But I'd say it's the exception. Possibly helped by the safe manufacturers, the
police will eventually access the contents of most safes.

This situation creates a different set of incentives. You can open your safe
as soon as the judge requests it, or you can wait to be punished for refusing
and the safe be opened forcefully later... that will uncover what you were
hiding anyway.

Edit: I'd like to add that the punishment for not telling the password is a
very, very, very bad idea. It's impossible to produce a password that you
don't know. It's impossible to demonstrate that you don't know a password.
It's impossible to demonstrate that a file is just a pile of random garbage
instead of an encrypted one. Setting a punishment for things that are
impossible to objectively know doesn't seem a good idea.

~~~
pavel_lishin
> A safe is a physical object that contains other physical objects. It can be
> forcefully opened.

A computer is a physical object. A hard drive contains data, physically, much
like papers in a safe contain data, physically.

And it can be forcefully opened, too - it's merely a matter of magnitude of
effort. Cracking a safe could take hours or days, cracking a password could
take millennia. It should not be my problem that the government has locksmiths
with drills on staff, but not supercomputers capable of breaking encryption.

------
spoondan
Encryption is not just something computers can do. You can encrypt your
handwritten notes. If you do so, can the government compel you to tell them
what you have written? If they cannot, how is this different from having a
machine act as your agent in the encryption?

~~~
hammock
Great point. I am reminded of organized crime outfits who keep two ledgers,
the real one being encrypted. There has to be some case law on that somewhere.

------
hncommenter13
I am not a lawyer, but note that the original article (describing an amicus
brief filed by the EFF, which is essentially an argument submitted by a party
not involved directly in the case) is talking about 5th amendment rights, not
4th amendment.

The 4th amendment covers search and seizure (the case of a locked file cabinet
inside a home for which a proper search warrant has been obtained), while the
brief is focused on the 5th amendment question--is providing a password
testimonial? The key question is not whether the information on the laptop
must be disclosed to the government (we assume the subpoena is proper and if
the laptop were unencrypted, the government would have the right to use it at
trial), but whether the act of providing the password demonstrates a key
element of the crime: that the defendant had control over the laptop and can
therefore be assumed to have been aware of/responsible for the creation of its
contents.

In other words, is providing the password a neutral fact--as in Hiibel vs. 6th
Judicial District of Nevada, where the Supreme Court found a law requiring
individuals to provide a name when stopped legally by law enforcement--or is
it self-incriminatory?

The Supreme Court has ruled on similar questions in several instances. See
<http://volokh.com/posts/1197763604.shtml> for a discussion from a law
professor who specializes in 4th/5th amendment issues.

~~~
sigzero
I am not a lawyer either but I see the courts going the "neutral" route.

~~~
sigzero
Actually...there is a post above about "link to evidence", so I can see how
that would work out now. Ignore the above post.

------
teeray
Encryption is not like a safe. In a safe, you close the door, lock it, and the
contents remain unaffected. Cutting through the back of the safe would yield
the same contents. In this way, safes are more like BIOS passwords. The
password is written to the hard drive and the BIOS acts as a gatekeeper.
However, there's no reason you couldn't use a BIOS designed to ignore the
presence of a password.

If we were to design a physical analog to encryption, it would be more like a
matter scrambler. You place your diamonds, jewels, insurance papers, etc. (or,
in this case, incriminating evidence) onto a platform and enter a password.
The contents of the platform are TRANSFORMED into a pile of pebbles, dirt, and
dust which you sweep into a bag. The bag's contents are indistinguishable from
anything else in your yard (Remember, GOOD encryption is indistinguishable
from randomness as both encrypted data and random numbers do not compress
well). The proper password will cause the matter scrambler to reproduce the
valuables but otherwise will just yield more dirt, dust, and pebbles.

It is therefore an ACTIVE process to reproduce incriminating evidence in a
case by decrypting data. One is not providing access to already existing
evidence, one is PRODUCING it from pure garbage.

Ordo ad chao ac ordo ab chao.

~~~
biot
And TrueCrypt's plausible deniability lets you provide a password that
reconstitutes the scrambled matter back into a McDonald's Happy Meal.

------
ataggart
In a whirlwind of broken analogies and broken precedent, one question
seems to be largely missing: what grants the federal government the power to
compel someone to assist in their own prosecution?

The 4th Amendment, via the warrant provision, grants the power to search
places and seize persons or things. It does not grant the power to compel
individuals to open their doors or put on their manacles.

The 5th states in part: "nor shall [any person] be compelled in any criminal
case to be a witness against himself". Many act as if the existence of a
specific prohibition is a grant of power in every other area.

Alexander Hamilton's objections in Federalist No. 84 seem quite prescient:

 _I go further, and affirm that bills of rights, in the sense and to the
extent in which they are contended for, are not only unnecessary in the
proposed Constitution, but would even be dangerous. They would contain various
exceptions to powers not granted; and, on this very account, would afford a
colorable pretext to claim more than were granted. For why declare that things
shall not be done which there is no power to do? Why, for instance, should it
be said that the liberty of the press shall not be restrained, when no power
is given by which restrictions may be imposed? I will not contend that such a
provision would confer a regulating power; but it is evident that it would
furnish, to men disposed to usurp, a plausible pretense for claiming that
power._

The great unintended consequence of modern constitutional arguments has been
to change the perception of the federal government from one defined by a
closed set of powers, into one defined by a closed set of prohibitions.

------
linuxhansl
I am somewhat on the fence with this one. If the police come to your house
with a warrant, they have the right to search your house. You cannot actively
stop them, but do you have to help them search your place? I.e. do you have
to open the door or hand over the keys to the house? Or - maybe more to the
point - show them where your hiding places are?

IANAL, but my gut reaction would be that on ethical grounds you do not have to
help in the collection of evidence against you. If the police cannot decrypt
your drive that is their problem, not yours.

------
vonSeckendorff
I was under the impression that previous rulings with regards to safes and
keys did not carry over to combinations, i.e. one could be compelled to
surrender a key but not the combination to a safe. Whatever the case, I think
it's foolish to argue by analogy.

Do you think the government ought to have the right to invade a person's mind
and analyze its contents? I find that idea repugnant - under no circumstance
should the mind be available to third party scrutiny. Personally, I consider
my laptop as an extension of my mind. Much in the same way I don't go around
sharing every errant thought I have with the world, I have password protected
my laptop and encrypted its contents.

I concede that my personal feelings do not make for a convincing argument, so
instead consider this: In the future, probably in the very near future,
computers will directly interface with the brain and will provide all sorts of
computational assistance - information search, number crunching, memory
storage and lookup, communication we can hardly dream of... Cybernetic
implants would indeed be an extension of one's mind, and I think most of you
here would argue for its protection. The users of these devices would be
living in a dystopia if they had to censor their thoughts and usage of their
cybernetic brains!

And well, frankly, I don't see much of a difference between a neural interface
and a digital (fingers) interface.

~~~
nl
_Do you think the government ought to have the right to invade a person's mind
and analyze its contents? I find that idea repugnant - under no circumstance
should the mind be available to third party scrutiny._

Governments are already doing that. There are already numerous precedents for
compulsory polygraph tests[1], which would provide a precedent to use a more
effective mind interface.

[1] e.g.: <http://en.wikipedia.org/wiki/Polygraph#Use_with_sex_offenders>

------
karzeem
Suppose you've been charged with a crime and the police have obtained a
warrant to seize the contents of a safe you keep in your house. American
courts have ruled that the 5th Amendment does not protect you from being
compelled to open the safe.

That precedent doesn't bode well for this case. I don't see a qualitative
difference between the contents of a safe and those of an encrypted drive.

One workaround: fail-deadly. Automatically wipe the encrypted data if the
password isn't entered every n days. With a small enough n, the courts can't
move fast enough to get the data before it's gone. (Whether this scheme
constitutes obstruction of justice, I have no idea.)

~~~
tlb
The difference is that any safe can be opened anyway in a few hours. A judge
faced with a defendant unwilling to reveal the combination to a safe would
figure he was just making things difficult, order a locksmith and find him in
contempt. Requiring people to reveal safe combinations doesn't change their
legal rights, it just saves time and mess.

A properly encrypted disk is undecryptable by anyone, and owners have a
genuine expectation of privacy for things on it. So revealing the key
materially affects the evidence. It is clearly something the 5th amendment was
meant to protect against.

~~~
sliverstorm
Not true. A properly encrypted disk can be opened in a few thousand or million
years. The judge can just order a decryption specialist and find the defendant
in contempt.

Unless you're saying it's about "how inconvenient" it is? Because there is no
encryption on the planet that is 100% impossible to decrypt.

I am perhaps being a bit snarky, but I think it's a valid question. You pose
it like disk encryption is impenetrable, which it is not.

Edit: normally I don't care about downvotes, but I would really like to know
this time; why do you believe it not valid? I am interested in what you have
to say.

~~~
gregschlom
I haven't downvoted you, but I think OP made a valid point highlighting how
encryption differs from a safe, while you are, in my opinion, nitpicking on
details.

For the practical purposes of a trial, I believe a well encrypted drive _is_
100% impossible to decrypt, while a safe is relatively easy to open. Again,
the point here is to assume good faith and think about a real situation, not
if it's hypothetically possible to decrypt it.

~~~
ColinWright

> ... you are, in my opinion, nitpicking on details.

Isn't that more-or-less the practical definition of what lawyers do? Isn't
this more-or-less what the courts are for?

------
dchest
Most of the comments and articles about this issue focus on encryption, but I'd
argue that _authentication_ is a far more important part of this discussion.

When using stream ciphers you have two pieces of data of exactly the same
length, which you merge (XOR) together to get a third piece of data.

(Stream ciphers are essentially just a way to extend your short piece of
random data into the longer piece of data -- keystream -- of the message
length).

Thinking this way, "key" is not at all like a door key, not a combination lock,
and not instructions for constructing data -- it's just another piece of data,
which you possess, maybe in your mind only. It's called "key" only for
convenience.

Now, after encryption, you own two pieces of information -- keystream and
encrypted text. There is no right way to produce the original data unless you
know what the original data is: any way of combining encrypted texts with any
other data will produce _correct results_, but not always the _original
data_. The meaning of the result depends only on interpretation; and the only
way to learn with 100% certainty that the decrypted data is really the
original data is to _ask you_ (provided that you don't lie). For example, it
is theoretically possible that "I love US" encrypted with one keystream and
decrypted with a different keystream will produce "I'm a spy", but only you
can certify that this interpretation is wrong, because you know what the
original said. And the only way to learn this, is to ask you to testify
against yourself.

In order to have an interpretation that the decrypted data _is_ the original
data with less than 100% certainty, but without having to ask you, is to use
authentication. You have authenticated data, for example, by applying some
authentication function, and providing the result of the authentication
function along the encrypted text. What do authentication functions do? They
tell, with some limited but high probability, that you used _this_ keystream
and/or _that_ plaintext to produce encrypted text. Let's say, you used HMAC
for authentication. By applying HMAC with your "key" (it can be derived from
the encryption key or just a new piece of data), for example, to encrypted
text, you certified that this "key" was used to encrypt original data. Is it
an act of testifying against yourself to provide the piece of information
(authentication key) that will tell with high probability that the original
data _is_ the decrypted data (or the keystream _is_ the one used for
encryption)?

(PS I know that courts don't deal with 100% certainties, but forget about it
for a moment :)
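
The point made in the comment above, as an added example that is not part of the original post: with an XOR stream cipher any ciphertext "decrypts" to any same-length message under some keystream, and an HMAC tag is what ties the ciphertext to one particular key. The SHAKE-256 derivation, the labels, and the fixed keys are constructed for illustration, not a vetted cipher.

```python
import hashlib
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of a stream cipher's 'merge' step)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def derive(master: bytes, label: bytes, length: int) -> bytes:
    """Toy expansion of a short secret into `length` bytes for one purpose (assumption)."""
    return hashlib.shake_256(label + b"\x00" + master).digest(length)


def encrypt_then_mac(master: bytes, plaintext: bytes):
    """Encrypt with a derived keystream, then HMAC the ciphertext with a derived MAC key."""
    keystream = derive(master, b"keystream", len(plaintext))
    ciphertext = xor_bytes(plaintext, keystream)
    tag = hmac.new(derive(master, b"mac", 32), ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def tag_matches(master: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """True only if `master` is the secret that authenticated this ciphertext."""
    expected = hmac.new(derive(master, b"mac", 32), ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def keystream_for(ciphertext: bytes, wanted: bytes) -> bytes:
    """Keystream under which `ciphertext` yields any chosen same-length message."""
    return xor_bytes(ciphertext, wanted)


def demo() -> dict:
    # Constructed sample keys; a real key would come from a CSPRNG.
    master = bytes(range(32))
    other_master = bytes(range(1, 33))

    ciphertext, tag = encrypt_then_mac(master, b"I love US")
    real_keystream = derive(master, b"keystream", len(ciphertext))
    alt_keystream = keystream_for(ciphertext, b"I'm a spy")

    return {
        # Both keystreams give a perfectly "valid" decryption of the same bytes.
        "real": xor_bytes(ciphertext, real_keystream),
        "alt": xor_bytes(ciphertext, alt_keystream),
        # Only the secret that produced the tag verifies it.
        "tag_ok_real": tag_matches(master, ciphertext, tag),
        "tag_ok_other": tag_matches(other_master, ciphertext, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Without the tag, nothing in the ciphertext distinguishes the two decryptions; with it, handing over the secret that verifies the tag is what certifies which plaintext is the original.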

------
Sapient
I am not an American, but I can't imagine that this will ever hold up.

In a world where filing cabinets and office safes are vanishing, the courts
would be cutting off access to a major source of evidence they need for
successful prosecutions. Financial crimes would become much harder to
prosecute, and many "digital" crimes could become impossible.

I just can't imagine your government allowing that. The only alternative I can
imagine is them making unbreakable encryption illegal for civilian use.

~~~
ajross
Illegal strong encryption was, in fact, the law for many years. It was changed
only when it was realized that the lack of robust security was harming the
emerging "e-commerce" markets. Certainly it wasn't due to a concern about 4th
and 5th amendment rights.

~~~
jdhopeunique
Certainly the export of strong encryption technology was illegal, but the
domestic use was not as far as I'm aware. Which law made strong encryption
illegal?

~~~
nl
Strong encryption was never illegal, but there was speculation that the
Clipper chip[1] was the first step towards making it so.

[1] <http://en.wikipedia.org/wiki/Clipper_chip>

------
blhack
Would it be totally ridiculous to argue that the encryption key is more like
instructions for _constructing_ data?

"Take these raw materials, and run the machine according to these
instructions:" seems functionally equivalent to "take this chunk of useless
data, and run the machine according to this decryption key:". An incorrect
decryption key produces data, it just produces _garbage_ data, yes? This would
be the same as providing poor instructions to the machine.

In this way, the court isn't asking you to reveal evidence, they're asking you
to construct it for them.

Once it's been encrypted, it's been destroyed. "Decrypting" is analogous to
"rebuilding".

~~~
mahadri
The decryption key doesn't construct data any more than the combination to a
safe constructs the papers inside it. The data exist independently of anyone's
ability to read them.

~~~
campnic
I disagree. It is entirely possible to have a set of bits that can be
'decrypted' with different keys producing different results. One key might
produce a set of cartoon pictures, another might produce financial records.
The simple safe analogy seems to break down around this. Only one key unlocks
a safe. Every key can be used to decrypt something that is encrypted, but
unlike a safe, it's not guaranteed that what goes in comes out. I would argue that
the data only exists if it can be read and that providing a mechanism for
reading the data is establishing the existence of the data.

------
RexRollman
I support the EFF in this case because the government is trying to compel this
woman to assist in her own prosecution and I feel that is just plain wrong.

------
tlrobinson
This seems obvious to me. Why is it up for debate?

~~~
ams6110
The counter argument is that the encrypted hard drive is like a locked filing
cabinet in your house, which can be searched if a proper warrant is obtained.

~~~
cft
Do you need to provide a key for a locked filing cabinet to the authorities
though? They are free to break the lock with a proper warrant.

~~~
karzeem
You don't need to provide the key, just access to the contents. Or they can
break the lock. But an encrypted drive is like an unbreakable lock.

~~~
tlrobinson
If you had an uncrackable safe could they compel you to open it though?

~~~
karzeem
Yes. They can't compel you to give them the _means_ to open it (e.g. tell them
the combination), but you can be forced to open it for them.

~~~
cft
Then if you are guilty, say, of murder, the best strategy is to refuse. In that
case, you'd be only liable for contempt of court.

~~~
abalashov
That depends on whether they can hold you indefinitely for contempt of court.
It has been my understanding that in some jurisdictions, they can.

------
molecule
"Enter Passphrase for /Devices/DOOMSDAY/:"

------
ldar15
IANAL, but the 5th circuit appeals court has ruled that the 5th amendment
means that a person cannot be forced to give up the combination to a lock. It
is informational, and it _is_ testimony.

Any discussion of a physical key is without merit. A physical key is not the
same as an "encryption key". For the purpose of law, an "encryption key" is the
same as a combination to a safe.

There's actually a ton of precedents on this. Google 5th amendment and
combination lock.

The _reason_ it is testimony is because if you provide a password _and it
works_ then you've just proven that the contents are yours: you have
incriminated yourself. If the prosecution can prove that the contents are
yours without the password, then at that point you can be forced to give up
the password.

Takeaway: your encrypted drive had better have a _different_ password than your
login, and you'd better be able to deny that it is yours.

EFF will win.

~~~
tzs
Knowing the password to encrypted data does NOT prove that the data is yours.
People often know other people's passwords.

~~~
WettowelReactor
If the data is incriminating then you may be just as liable under the law.

