
Compelled Decryption and the Privilege Against Self-Incrimination - mrleiter
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3248286
======
ohazi
> An assertion of privilege should be sustained unless the government can
> independently show that the suspect knows the password.

I strongly disagree with this interpretation. It's an old argument, I follow
the reasoning behind it (I actually think the author does a good job arguing
in favor of this position), but at the end of the day I'm just too
uncomfortable with how this would work in practice.

During a normal search, they get a warrant, tell you to produce some
documents, and if you don't comply then they go get the documents themselves.
If they can't find the documents, then they can come back to you with
obstruction or contempt charges, but this is the rare case.

With passwords, the rare case becomes the common case. Enough people are going
to suddenly "forget" their passwords that law enforcement and judges are going
to roll their eyes and throw the book at anyone who _actually_ forgets a
password.

I don't believe it's possible for anyone to _prove_ that someone knows a
password. People can forget at any time, for any number of reasons, including
trauma.

What's going to happen when police have evidence that I did, at one point,
know the extra-super-secret password to some old confidential document that I
set up a pgp key to encrypt and promptly forgot about? What about when my
harebrained DIY deniable encryption scheme means that I genuinely don't know
which of the following hundred-thousand files I know the password to, even
though I obviously must know, because I set it up in the first place?

There's no law against being a paranoid doofus.

~~~
asah
Legitimate forgetting will rarely arise: law enforcement just captures the
defendant entering the password (e.g. surveillance video).

Face ID is also hard to "forget" :-)

~~~
Retric
Having old devices/HDD sitting around seems to be common in tech and non-tech
circles. So, I suspect 10+% of people already have an encrypted device in
their home where they forgot the password. Now, given a few dozen tries they
might be able to recall it, but it’s not something they can just hand out.

~~~
SiempreViernes
I'd be surprised if more than 10% of the population actually ever owned an
external drive... (excepting diskettes)

~~~
Retric
That 10% is including old phones, tablets, computers, USB sticks, and external
backup drives. I suspect old tablets and phones are going to make up the bulk
of forgotten passwords, but the government is going to request every password
for every device.

------
BlackFly
This interpretation of the right to remain silent frightens me.

The example I was always given to point out the need of such a right is the
police saying, "Alright, show us where you buried the body." And if they can
"prove" that you buried the body but you cannot actually take them there
because you didn't bury the body then you go to prison forever.

The government should not have the power to go on a fishing expedition through
my device. If the government can already prove that something illegal is on my
device, then they do not need that thing in order to convict me of a crime. It
is just superfluous to compel me to do things and it is dangerous.

~~~
ben0x539
I really sympathize with the desire to have my computing device extremely
protected against scrutiny because I like to think of it as an extension of my
own memory and cognitive ability etc and don't want to worry about maintaining
an airgap between in-brain capacity and external capacity for liability
reasons.

However I am not very optimistic that this line of argument is going to fly.
Why do you need to search my car for illegal drugs if you can't already prove
that I have them? Why do you need insight into my finances if you can't
already prove that I am evading taxes?

As long as we, in principle, give the legal system a mandate to investigate
crimes, there is always going to be a point where arguments around reasonable
suspicions are going to prevail against privacy concerns. Ultimately I don't
think it's realistic to hope to create a comfortable relationship with a
malevolent judicial establishment by adding some hoop or other for them to
jump through before they get to fuck you over.

~~~
Zak
> _Why do you need to search my car for illegal drugs if you can't already
> prove that I have them? Why do you need insight into my finances if you
> can't already prove that I am evading taxes?_

The law already imposes those requirements, in theory. A warrant should only
be issued, according to the US Constitution, if evidence is presented to a
judge that it's more likely than not the search authorized by the warrant will
find evidence of a crime. That usually means a non-consensual search is only
allowed when there's already significant evidence of guilt.

If that sounds like a fairly high standard, you're right. It was intended to
be. If it sounds like a higher standard than is often used in practice...
well, you may be right about that too.

~~~
ben0x539
Yeah, so I think that imposing similar requirements for compelled decryption
is not the way forward. There is limited use in instituting high standards if
you fundamentally can't trust the people interpreting those standards.

~~~
Zak
I'd like to see more work on systems with plausible deniability. Many legal
jurisdictions already have compelled decryption.

------
michaelt
The precedents on snooping that have served us up to the 1970s are outdated
for several reasons.

On one hand, it's true that where in the past most people would have sent
letters and kept physical record books that could be seized, the modern
equivalents are often encrypted.

On the other hand, modern phones don't only contain the letters and records
someone in the 1970s would have kept. People have GPS location records,
records of things they've read, heart rate monitor records, naked photos of
their lovers, and all the credentials needed to empty their bank accounts.

There is also a change in scalability; while in principle monitoring on 0.01%
and on 99.99% of the population may be equivalent, in practice a quantitative
difference of so many orders of magnitude is quantitatively different. In the
1970s, trailing someone everywhere was so expensive large-scale monitoring was
impossible, and rules to keep tabs on the impossible weren't needed. In the
modern age, the costs have dropped to a fraction of a penny, but the
protections against abuses haven't kept pace.

Achieving a reasonable balance will be difficult.

~~~
FakeComments
Aside from GPS logs, which of those things wouldn’t have been on your desk,
when the police raided your home office for papers in the 1970s?

The problem is with overly broad warrants, that allow for whole device imaging
— though we sometimes see that with real warrants too, which just grab
everything.

------
michaelmrose
"This paper solely addresses the Fifth Amendment framework for compelling acts
of decryption by entering passwords without disclosing it to the government.
Compelled use of biometrics and compelled disclosure of passwords raise
different Fifth Amendment issues."

Are we to believe that typing it in the presence of officers of the court
doesn't communicate the password to officers? This seems questionable. I'm
sure judges love, technically we are violating your client's rights but as long
as officer smith looks over that away we TECHNICALLY won't be.

Further one can argue both having forgotten a password AND the fifth
amendment. You can argue that the act of trying to unlock it is testimonial
AND that you don't know the password. Prove them wrong.

You could argue that the authorities have presented you with a device that has
had the password changed. If they actually do this do they just get to lock
you up for however long they feel like?

It's probably true in many cases that you can establish that a device was used
by a person, bought by a person, that that person PROBABLY knows the password.
This isn't enough for it to be a foregone conclusion.

This reads like complicated wishful thinking designed to relieve the
prosecution of the burden of doing intelligent police work.

~~~
appleflaxen
> You could argue that the authorities have presented you with a device that
> has had the password changed. If they actually do this do they just get to
> lock you up for however long they feel like?

I am strongly against compelled decryption, but haven't come across this
argument before. I think it's a brilliant point.

~~~
nabla9
Argument that represents unlikely logical possibility rarely wins.

~~~
jamescostian
Except when fear comes into play. You might enjoy reading this:
[https://psychology.stackexchange.com/questions/9200/why-do-p...](https://psychology.stackexchange.com/questions/9200/why-do-people-fear-statistically-unlikely-things)

In this particular case, there is a fear that one could get a severe sentence
(e.g. capital punishment) without having even committed a crime, all due to
the police changing their password. If a person is afraid enough of that
(unlikely) potential outcome, they may ignore statistics altogether and
follow their fear.

For more examples of how much people ignore probability, consider
[https://money.cnn.com/2017/08/24/news/economy/lottery-spendi...](https://money.cnn.com/2017/08/24/news/economy/lottery-spending/index.html)
and [https://www.quora.com/How-much-does-a-casino-make-daily](https://www.quora.com/How-much-does-a-casino-make-daily)

~~~
nabla9
How is that fear supposed to help with court cases? Defendant being fearful
does not help his case.

~~~
jamescostian
I'm not saying people should take the stand and say they're afraid... perhaps
we have different interpretations of the quote from appleflaxen that was
quoted and that you responded to. Here it is:

"You could argue that the authorities have presented you with a device that
has had the password changed. If they actually do this do they just get to
lock you up for however long they feel like?"

I interpreted that quote to be used as a potential horror story that could be
created by compelled decryption. As such, the fear that story creates could
make it used as an argument against compelled decryption ("if a court can
compel you to decrypt your files, then $HORROR_STORY is possible! We need to
all fight against compelled decryption!").

A good number of people will get behind that argument, even though (as you
said) that argument depends on an "unlikely logical possibility". And those
people using the fear of that horror story to dislike (and maybe even rally
against) compelled decryption is what my point was about.

~~~
nabla9
I guess I should have mentioned that my comment was about argumentation in the
court.

------
pdpi
A bit meta, but the abstract employs a very interesting rhetorical device:

"An assertion of privilege should be sustained unless the government can
independently show that the suspect knows the password."

On the surface it almost looks like it argues for the opposite position by
using the "Always do A unless exceptional conditions are met" form, but then
guts that by making the "exceptional" condition pretty damn trivial.

------
mistercow
This completely ignores one of the purposes of the Fifth Amendment, which is
to remove the incentive for law enforcement to torture suspects for
information. The fact that you know they have the password has no bearing on
that.

------
jknz
There may be technological solutions to this.

Say your encrypted files need two secrets, one in your possession, one in
possession of a third party.

To decrypt your file, use your secret and ask the third party for their
secret. To get their part of the secret, either call them or type a password
or use some other private key. It can be automatic and fast.

The role of the third party is to block the secret retrieval at any suspicion
of law enforcement involvement. Second secret then cannot be retrieved and the
files are safe.

Also, if you type the wrong password, the third party blocks retrieval and
will reactivate it after investigating whether you are in law enforcement
company.

Law enforcement may try to compel the third party to give the second secret.
Having third party in another country, or multiple third parties in multiple
countries may solve this.

Another idea is that the third party is your lawyer. You shared that second
secret with your lawyer and told him to stop sharing or destroy the second
secret if you ever meet law enforcement.

You get arrested, stay silent, your lawyer is called; before anything else the
lawyer blocks retrieval of the second secret. This may be attorney/client
privilege and would block law enforcement from compelling the lawyer to give
the second secret.

Add some randomness (retrieval of second secret gets blocked with probability
1/10 when the correct password is entered) to get plausible deniability.

Some people could be interested to pay Apple a lot to implement this. Or some
law firms could start selling such lawyer phones.

Edit: typos, last sentence
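
The two-secret arrangement described in the comment above, sketched as an added example that is not part of the thread: the file key depends on both the owner's secret and a share held by a third party, and the holder stops releasing its share after a wrong password until it is manually reactivated. The `ShareHolder` class, function names, password and key-check value are all hypothetical, and the 1/10 random blocking is left out.

```python
import hashlib
import hmac
import secrets


class ShareHolder:
    """Hypothetical third party that keeps the second secret."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._stretch(password)
        self._share = secrets.token_bytes(32)  # the second secret
        self.blocked = False

    def _stretch(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def request_share(self, password: str):
        """Release the share; a wrong password blocks all further retrieval."""
        ok = hmac.compare_digest(self._stretch(password), self._verifier)
        if not ok:
            self.blocked = True
        if self.blocked:
            return None
        return self._share

    def reactivate(self):
        """Manual step taken by the holder after its own out-of-band check."""
        self.blocked = False


def derive_file_key(own_secret: bytes, share: bytes) -> bytes:
    """Both secrets feed the key; holding only one of them does not yield it."""
    return hmac.new(own_secret, b"file-key-v1" + share, hashlib.sha256).digest()


def key_check(key: bytes) -> bytes:
    """Value stored beside the ciphertext so the right key can be recognised."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def unlock(own_secret: bytes, holder: ShareHolder, password: str, stored_check: bytes):
    """Return the file key, or None when the holder withholds its share."""
    share = holder.request_share(password)
    if share is None:
        return None
    key = derive_file_key(own_secret, share)
    return key if hmac.compare_digest(key_check(key), stored_check) else None


def demo() -> dict:
    own_secret = secrets.token_bytes(32)       # constructed sample secret
    holder = ShareHolder("correct horse")      # constructed sample password
    share = holder.request_share("correct horse")
    check = key_check(derive_file_key(own_secret, share))

    results = {"normal": unlock(own_secret, holder, "correct horse", check) is not None}
    results["wrong_password"] = unlock(own_secret, holder, "guess", check) is not None
    # The holder is now blocked: the correct password no longer releases the share.
    results["correct_while_blocked"] = (
        unlock(own_secret, holder, "correct horse", check) is not None
    )
    holder.reactivate()
    results["after_reactivate"] = unlock(own_secret, holder, "correct horse", check) is not None
    return results


if __name__ == "__main__":
    print(demo())
```
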

~~~
rlpb
> Another idea is that the third party is your lawyer.

Then that isn't your lawyer; rather your co-conspirator.

I'm pretty sure that if you're in a conspiracy with your "lawyer", you'll be
charged together and you'll need another actual lawyer to represent you.

------
bensonn
These arguments almost always seem like encryption is about access to
information but isn't encryption about understanding information? If they are
asking for a key to decrypt then they already have access to the data. If you
write a note nobody will ever have access to- say you slipped it onto Voyager
1, there would be no point in encrypting it. Encryption is to protect against
(possibly) accessible data.

Old-school thought experiment- I encrypt all my paper notes using a simple
substitution cipher. They seize my notes and have full physical access to
them. If they don't understand my notes can I be forced to explain my cipher?

If I comply and the unscrambled contents are "RedFalcon has delivered the
ApplePie to the EndOfTheRainbow". This is basically another substitution
cipher. Can I be forced to explain this under threat of jail if I don't
explain it in a way they accept?

I realize modern encryption is way beyond this, and way beyond my
understanding. Has the basic principle of access vs understanding changed?

~~~
fandango
Exactly. I'd like to make this analogy myself: Forcing somebody to decrypt a
drive is like forcing somebody to keep rearranging a bunch of papers/notes (he
or she supposedly produced) until a punishable offence is noticed. Are you not
able to compose a satisfactory result? It's jail for you because you are
hiding something.

------
handelaar
A rare example of a document which you can tell is definitely mistaken without
going any further than its title.

US civics-class-takers will naturally remember learning about how the first
ten amendments to the constitution are commonly referred to as the "Bill of
Privileges".

------
nickdothutton
There's no legal/moral/ethical silver bullet here. It's a difficult enough
problem even without allowing for the possibility of a tyrannical/abusive
state (which you could argue is a failure mode of a democracy, and is less
rare than you think).

------
dbg31415
Encryption is a human right.

We all agree that we shouldn't be compelled to testify against ourselves.
Right?

Ok... now let's think of Geordi La Forge.

Were he to commit a crime, could the government compel him to produce
encrypted recordings from his visor?

And hopefully you'll come to the conclusion, "No, because that visor is part
of him. He shouldn't have to give up his sight just to maintain his ability
not to testify against himself."

And from there it's just a few steps towards, "Yes, I do need my cell phone to
be a productive human... and yes, tech I need to be a productive human should
be covered under the same protections as I am."

Plenty of other ways for cops to catch the bad guys.

~~~
pif
> Encryption is a human right.

Who said so? UN? Some Constitutions? Who?

~~~
eadmund
Well, _I_ assert that encryption is a type of arms, and that it's the right of
every free man (so, children/prisoners/&c. are excepted) to own, bear & use
arms peaceably.

In the U.S., one can make an argument that the Second Amendment protects the
right to encryption.

But even if no constitution or law in the world protects a right, it's still a
right — just a right without legal recognition.

~~~
loup-vaillant
> _Well, I assert that encryption is a type of arms_

I wouldn't. Arms helps you kill or hurt people. Encryption hides information.
Both functions can be used as a means to protect yourself, but it's really a
stretch to compare arms and encryption. Da-Vinci's mirror writings were as
comparable to a rapier as AES-GCM is comparable to a hand gun. That is, not
at all in my opinion.

As a citizen, I would argue that the right for encryption is closest to
freedom of thought. My private thoughts don't have to be confined to my brain,
I should have the right to memory prosthetics (I mean a computer) as well.

 _(Edit: of course, the decision to classify encryption as munition was
ridiculous. How it combines with the second amendment (which I happen to
mostly disagree with), is just a fortunate coincidence.)_

------
lsiebert
I don't understand how this can be an argument regarding the 5th amendment
right against self incrimination if it doesn't address Schmerber vs California
([https://supreme.justia.com/cases/federal/us/384/757/](https://supreme.justia.com/cases/federal/us/384/757/))
which found "Since the blood test evidence, although an incriminating product
of compulsion, was neither petitioner's testimony nor evidence relating to
some communicative act or writing by the petitioner, it was not inadmissible
on privilege grounds."

I'm not an expert, but I'd note that Fisher Vs. United States which gets
brought up several times was about the accused individual's lawyer producing
documents the individual had given them. And a large part of the judgment in
the case is the difference between ownership and possession (as seen in the
decision of Couch vs. United States which it relies on).

In any case Fisher said that you couldn't be compelled to testify to affirm
the truth of the contents of the documents sought and that the password would
decrypt them. But decrypting files is affirming a truth in the documents
sought, as the government lacked testimony of their encrypted existence on
that hard drive and of the password's ability to unlock them.

------
salawat
The problem in my mind comes in when you look at what type of systemic abuse
you enable by throwing "common sense" out the window.

Suddenly, every chunk of 0's and 1's in the hands of an
unscrupulous/ambitious/pressured prosecutor becomes a ticket to indefinite
incarceration.

For every criminal this practice may help collar, I see too much potential for
and utility as a form of political and civic suppression. Someone being
problematic? Have the geek find evidence of what might be an encrypted volume
and order the problematic person to supply the keys to open it. Presto. Enjoy
your time in the Klink.

You can't let such harmful precedents stand. Heck, who is to say someone
doesn't just write a worm to create small encrypted caches on everyone's
machine? Does that then put everyone in a Spartacus situation?

This is dangerous ground in which the courts are treading, and no less than 2
Constitutionally defined rights are in conflict.

Personally, I prefer a system with maximum difficulty with regards to the
cessation of Rights. A government empowered to ignore your Rights is well on
the road to hell. There is a balance somewhere, but I am at a loss as to where
it is at the moment. Wherever it is though, it isn't on indefinite cessation
of freedoms just because the State has a hunch there might be something
relevant they can't read.

------
libeclipse
I'd also recommend this other interesting read by the same author and
co-authored by Bruce Schneier:
[https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033)

------
LinuxBender
This will be an unpopular opinion, but hopefully enough people were paying
attention in school when they taught the concepts of mutually assured
destruction. Hopefully a percentage of the population have time based
countermeasures moving along in the event that the courts get too muddied by
poorly defined laws, or laws with excessive intentional wiggle room for
interpretation. I am probably fantasizing. It might explain why I enjoy
dystopian films. My fantasy is that people will rise above a broken system
rather than playing their game.

------
jimison
The paper is arguing FOR self-incrimination, not against it.

------
baybal2
Author: Orin S. Kerr

~~~
swebs
Am I supposed to know who that is?

~~~
mirimir
If you follow this stuff, arguably yes.

~~~
snvzz
Why should I need prior knowledge to follow the conversation?

Just describe who that is, and why it is relevant to mention it.

~~~
mirimir
I'd say that one needs prior knowledge to follow maybe 70% of HN posts. And
some of it's quite arcane.

I could have linked the Wikipedia article, but that's getting pretty close to
LMGTFY, no?

------
NoblePublius
Passwords are keys. Providing a key to your safe is not self incrimination.
The 5th is unquestionably specific to self incriminating testimony.

~~~
bcgraham
Providing the _combination_ to your safe seems like a closer analogy, and I
believe it is protected from compulsion by the Fifth Amendment.

~~~
ams6110
A safe can always be opened by force.

An encrypted file cannot, assuming a suitably complex password.

~~~
philjohn
Until you get to an encrypted file that has such a complex password it would
take all of the energy and longer than the heat death of the universe to
compute, it's just that you can't open it by force within a suitable
timeframe.

~~~
DuskStar
An encrypted file cannot, given P!=NP (and a host of other assumptions, but
P!=NP is the foundation), be decrypted.

So require proof that the file is not decryptable by other means before you
can compel entering a password ;)

