It sounds like this ruling is more against indefinite detention than a ruling that allows you to invoke the 5th before handing over your passwords. The quoted text above  tells me that the courts have thus far not recognized any right to keep your data encrypted against the wishes of law enforcement. Maybe it means they can only lock you up for 18 months, but I don't see how this changes things appreciably. I guess if the crime you're accused of carries a sentence worse than 18 months, it might be worthwhile, but who knows...
This would seem to imply that if the government has ample evidence that you murdered someone, they can require you to admit to it in court.
The rule make very little sense. I would not bet in favor of it continuing for long. The whole idea that the prosecutor is only asking for the container and not the content was extremity transparent to begin with, and judges who have rejected that argument have said just that. In that case the conclusion the judges made is that a request for the container (ie the unencrypted device) is the same as a request for the information itself, and thus should be seen as such.
It all comes down to the duck test. Is the request for the decrypted container similar as asking directly for the content to be written down by the accused, or spoken about in the form of a testimony? Does it has the same purpose and the same result?
In the hard drive case and the hypothetical body location case the government is trying to compel speech that directly leads to incriminating evidence. That seems like a solidly 5th amendment issue to me.
I don't think these two situations are the same. When you run a business there are legal requirements to retain data, and provide that data when audited. The police telling you to tell them were you placed a notebook doesn't seem like an equivalent situation. And how can the police prove you wrong if you say you forgot where you placed it? In fact this is what the defendant alleges:
> A judge ordered Rawls to decrypt the hard drives. In its recent ruling, the 3rd Circuit Court of Appeals described what happened next. Rawls "stated that he could not remember the passwords necessary to decrypt the hard drives and entered several incorrect passwords during the forensic examination."
By producing other evidence that suggests that you’re lying (eg. metadata or witnesses suggesting that you recently entered the correct password). In this case the judge had to reject Rawls’ claim of lost memory in order to find him in contempt. Maybe the judge’s finding of fact was wrong, but that’s not what the case is about now.
People have forgotten passwords in a matter of minutes in some cases. Not to mention, this guy has been held in prison for 4 years. Plenty of time to forget a password. Forget the password to an encrypted drive is a life sentence?
I'd also note that giving the government your books is required by financial laws as a condition do being allowed to do business, it's not testimony or your general obligation of cooperating with an investigation.
Another way to look at it is that the only real evidence in court is witness testimony; everything else is just window dressing. Thus we have the Fifth Amendment: "[no person] shall be compelled in any criminal case to be a witness against himself."
How does that get turned into a rule that a defendant can't be forced to divulge information outside court? Because to be admissible in court such information would normally require the defendant to be a witness. If it's not admissible then there's no legitimate basis for the state to compel an act. That leads to two corollaries: 1) if the person isn't a defendant, or is given immunity, he would never be required to be a witness against himself (just a witness against someone else), and thus the Fifth Amendment isn't implicated; 2) if the evidence obtained from the information would be admissible without the defendant's testimony, the Fifth Amendment likewise isn't implicated.
#2 is the case here. Because the government can already show ownership of the hard drives through other witness testimony (e.g. testimony of a relative, purchase receipts, etc), it would be categorically unnecessary for the defendant to testify in court to the incriminating act of divulging the password. However, if for some reason it later turned out that the government couldn't show ownership independently, then of course the hard drives would be inadmissible; not because of the forced password disclosure, per se, but simply because the defendant himself couldn't be compelled to be a witness to his act of divulging the password--an investigator couldn't testify that the defendant disclosed the password as that would be hearsay. But such a turnaround is rare as a court won't compel disclosure unless it's clear there's ample independent and admissible evidence of ownership.
 There are lots of exclusions and exceptions to hearsay, especially regarding defendant admissions, but they're disallowed if they would effectively nullify the spirit of the Fifth Amendment if permitted for compelled acts. If you're a strict textualist, as most conservative-leaning people believe themselves to be, then one would presumably be okay with permitting those exceptions, particularly those exceptions which existed at the time of ratification of the Fifth Amendment.
I don’t particularly like that train of thought, but given (for example) the higher court’s willingness for the sentence “I want a lawyer, dawg” to be a request for canine companionship and not one asserting a 6th amendment right to counsel, I don’t think I’m wrong.
I think some courts have been squeamish about forced disclosure, sometimes because they hold a more liberal interpretation of the Fifth Amendment that relies on broader principles, sometimes because the situation is often far more complex and uncertain (if not completely incomparable to the hypothetical context I relied on) and they rightly err on the side of protecting the defendant's rights.
In this [EDIT: hypothetical] case I believe this analysis is the correct one, not just because of the text but also the purpose and history of the Fifth Amendment. It's not the proper vehicle to push other principles and legal theories that would restrict such forced disclosure. I lean rather liberal when it comes to constitutional interpretation, but at the same time rights built on sand aren't rights you can rely on. The law in this area seems muddy and precarious precisely because the liberal narrative is too incoherent. (Note: The liberal narrative in this case--that forced disclosure of a password is categorically barred, notwithstanding the intricacies of the rules of evidence--isn't politically partisan. Thus my subtle dig at contemporary conservative constitutional interpretation, which is often incoherent itself.)
EDIT: To be clear, in the case discussed in the article almost everything is more complicated than the simple hypothetical. I was responding at a point in this thread where the discussion already had become abstract.
An unecessary personal detail: I wouldn’t describe myself as leaning liberal on constitutional interpretation (although all my Writs would lead one to assume I am firmly in favor of it), I certainly see myself as a die hard centrist in this area.
I have never seen any authority for the view that the Fifth Amendment was intended literally to prevent the accused from being called as a prosecution witness at trial, as opposed to creating a general privilege against self-incrimination. For example, in Brown v. Walker (1896) , an early Fifth Amendment case, the Supreme Court said:
> the States, with one accord, made a denial of the right to question an accused person a part of their fundamental law, so that a maxim which, in England, was a mere rule of evidence became clothed in this country with the impregnability of a constitutional enactment.
I'm pretty sure it's relatively simple for police to break into offices and take financial records. I would imagine it happens relatively often, because simply asking a suspect to give up their books seems more likely to result in them attempting to hide or destroy their books.
The reason police and prosecutors don't like encryption is because they can't use violence to acquire what they want, at least directly. They need new (or at least specifically-clarified) laws about what they can do to you to make you decrypt your data.
This is precisely why "Obstruction of Justice" is a criminal offense with severe penalties available. The question then becomes: is deliberately encrypting and refusing to provide access to those books obstruction?
I know the folks here would argue otherwise, but IMHO it's not at all a clear argument legally. The original reasoning behind the fifth amendment was that without that protection the government would be tempted to use coercive tactics to induce a false confession. It's designed to prevent the torture of accused witches, not to be a literal get-out-of-jail-free card for crypto nuts.
Since email deletion policies aren't obstruction until you're told to suspend them, there's no way an encryption policy is obstruction.
> to be a literal get-out-of-jail-free card for crypto nuts
Pff. It's not like simply not writing things down is a get out of jail free card.
So technicalities like you're invoking (is refusing to do something "obstruction" or not?) need to be balanced against technicalities on the other side (is providing a decryption key "testimony"?). And when courts have had to make decisions like this they've almost always done it by splitting the difference in some way instead of finding an absolute interpretation on one side or the other.
I'm not saying I disagree with you in principle, I'm saying that very reasonable courts might not. This isn't a cut and dry argument, at all.
No, this requires a warrant in the US for it to be lawfully used as evidence.
It's worth noting that the defendant in question was told to unencrypt the devices by the courts, which is pretty much in effect the same thing as a warrant, so it's not as if the government was torturing him to decrypt the data; the court had already decided it was material evidence in a case.
But if you wrote in a made-up language that only you know, can they force you to translate it?
I in no way want the following to appear that I have an opinion as to anything regarding Trump’s anything, but
2) Trump was acquitted because of the way the US impeachment process is set up, if I am sure of anything, it is the fact that no votes to acquit where based in any way on Seklow’s arguments about presumption based on the 5th amendment.
0 —> https://digitalcommons.law.umaryland.edu/cgi/viewcontent.cgi...
Watch that video. Then watch it again. Schedule a yearly watching or three.
Because innocent people do get wrongly convicted. If you don't want to be that innocent person, you might have to assert your rights, including your Fifth Amendment rights.
Note that the Fifth Amendment does not say that you can't be forced to incriminate yourself, as many TV courtroom dramas wrongly imply. Statements like "the mob takes the Fifth" are based on that kind of incorrect reading of the Amendment.
The Fifth Amendment actually says that you can't be forced to be a witness against yourself. A witness can provide testimony that looks incriminating even if the defendant is actually innocent, and such testimony can lead to an innocent person being wrongly convicted. The Fifth Amendment is there to help reduce the chances of that happening.
My post was above was a bit naughty, as I was quoting the current president (in response to a post discussing his recent impeachment) without revealing that it was a quotation.
They can require you to tell them where the body is if you “encrypted” its location (i.e. buried it somewhere)
Telling someone the encryption key is being compelled to act as a witness against yourself, which the 5th amendment provides protection against (if used).
There's no prospect of this being used to bring about a wrongful conviction through coercing a confession.
It is exactly the same as when a confidential source gives up an address (for example) the source never gets into evidence.
If the key involves a password that you, a human, have memorized in your squishy pink organ, it's privileged under the Fifth Amendment. (This hasn't been tested in court yet, of course. There's no precedent to fall back on.)
If the feds seized my hard drive and wanted me to decrypt that file, can they lock me up until I give up the password even if I really have forgotten it?
Judging by our password reset request tickets, I can say "yes"
I've even forgotten a password just minutes after typing it. And I can't even tell you my desktop password despite typing it a dozen times a day for nearly 6 months. I once tried to give my wife the password over the phone and I couldn't do it without a keyboard to silently type on.
Usually only passwords are assumed to be remembered that are used many times with no sign of changing it.
Still, the defendant can claim that the whole ordeal of arrest and trial took a serious toll on his/her memory. Of course the judge might or might not believe it.
I once helped a professor decrypt a zip file by brute forcing the password (it was only 6 characters long). He swore it was his wife's name and that the file must be corrupt because he surely knows how to type her name. Turned out that it was a misspelling of her name, and he said "Oh right, I misspelled it to make it harder to guess".
I'm just claiming that this is how courts operate, not that it's the best thing ever and that it's infallible.
More than once, the first thing I've done after confirming a new account via email is reset my forgotten password. Am I guilty if I didn't bother to reset it right away?
But in the US a criminal record can haunt you for decades. At job applications or housing applications. Elections. And many other bad things that haunt people for a long time. 18 months is horrible too but better then a criminal record haunting you.
Were they required to reveal the location?
Then you have to (a) show why you weren't the one to encrypt the devices or (b) make a 5th Amendment argument about why you don't have to turn over the encryption key during which time you may be incarcerated. "I forgot" is generally not a valid defense.
Am I the only here who had to re-install Linux after x weeks or months of uptime because the LUKS password was forgotten? It happened to me more than once.
How is it "generally not" (but sometimes yes?) a valid defense when it's a fact that people are losing their passwords?
The internet is full of messages like: "I forgot my LUKS password but remember it had the name of my dog in it" (not advising to do that btw), "Is there a way to crack my own password?"
P.S: I've got backup of all my files and configuration files, so re-installing Linux ain't a problem: theft / flood / fire / full-disk encryption password lost... I wouldn't lose anything.
The number of times that people invoke "I don't recall" while giving testimony under oath says otherwise.
And for the record, a defendant claiming "they forgot" something within their control is valid circumstantial evidence of guilt or responsibility.
When claimed by the police or prosecution witness, it's just as much valid evidence against guilt, and has been used many times to get defendants off.
Basically, it's valid circumstantial evidence against the party/side that makes the claim of forgetfulness.
OTOH, if you were to argue that it's not your device, or that you weren't the person that encrypted it, that's a very different situation.
OTOH, if a witness forgets, they would not be held in court, because there's no benefit to them forgetting, and so their loss of memory is believable.
This ruling only says that the confinement period for contempt of court, where the court has order an individual to de-encrypt some data, is too long if it is more than 18 continuous months. This does not mean that after serving that sentence and upon subsequent release, that further refusal after another court order and hearing can not result in another sentence for contempt.
Also now they're probably downvoting you because you're calling them 'bootlickers'.
Try to think about it from the court's point of view. The truth could be:
A. You legitimately forgot.
B. You're lying.
I know which one Occam's Razor favors.
Yeah, I'd bet that most people claiming to have forgotten a key or password are lying. But so what? How do you differentiate those who're concealing vs. those that legitimately don't know the string of characters? If they float, they're a witch, if they sink, then I guess they're not? (That's what 18 months for contempt is akin to)
B. You're guilty.
Uh, this is the essential question to begin with. The judge doesn't decide this unless you're in clown court.
I do understand the meaning and most likely intent of your post, but the language used is less effective than it could be.
You don't want to go into any of those reasons people waive a jury, right?
Edit: I guess this case actually answers that, to some extent. Before he said he forgot the password, he tried a couple for them.
I was deployed a few years ago and living in the conexes. I was bored and decided to go all out on encrypting everything. I picked a completely random 16 character password (I piped the output from /Dev/urandom through some tr command that only allowed typeable characters through) and committed it to muscle memory. I used this laptop every day for about a month before I went home. I took about a one week vacation midway home.
With the break and change in surroundings I completely forgot the password. No idea what it was. I tried for about a week before I have up and reformated it. I don't encrypt my computer any more.
That's a crime they can lock you up for life for? Crazy talk.
They can't. That's why we have to say that you cannot be compelled to produce a password, because the alternative is that you go to jail for forgetting.
> Following the forensic examination, the Government moved to show cause why Rawls should not be held in contempt for his failure to comply with the Decryption Order. Two hearings were held on the issue in which, “Rawls offered no on-the-record explanation for his present failure to comply.” Based on the evidence presented, the District Court found that Rawls remembered the passwords needed to decrypt the hard drives but chose not to reveal them because of the devices’ contents.
The legal process may not satisfy your epistemological requirements, but it allows courts to make these findings. The Fifth Amendment has nothing to do with “going to jail for forgetting.”
The protection against self-incrimination is/was a protection against being put on trial and being forced to say or give testimony that you took part in or committed a crime. It is not a protection against any and all evidence from being produced against you.
In a previous age, not saying words was enough protection, because evidence was usually physical (objects). The novel problem now is that the types of evidence being protected by passwords (and the method of protection) now are so closely linked that it's quite difficult to say whether being compelled to reveal a password is testimonial.
Suppose a suspect murdered someone and was seen putting the weapon in a safe, where the combination was known to be written in a person's private papers. Those papers could be compelled to be revealed without jeopardizing privilege because the discovery of the combination is not forcing a person to testify. Even compelling the person to reveal the combination might not be testimony. And in any case, the safe could be opened with much effort and a blowtorch.
But now, the safe can never be cracked, and the person's knowledge of the password is the only thing that will open it. The person revealing the password will surely confirm his/her guilt, so it now feels very much like the info/knowledge is self-incriminating testimony.
Modern problems. They need some court resolution at a high level.
They want to take your fingerprints? You don't need to help by lifting your arm. They want you to open a safe? No need to tell them the combination, through they will crack it open if you refuse. Same with encryption keys, you don't need to say anything. Telling the truth? As the accused you're allowed to lie in court however you want.
If you do get sentenced you can get a reduced sentence if the court thinks that you've been cooperative. But you can never get punished simply for the fact that you didn't help with your own prosecution.
Really? I'm interested to know how this works, and how it is not perjury.
There also aren't juries in Germany.
There also isn't cross-examination in Germany.
The English way of law isn't the only way.
I can see no possible correct answer than "yes, absolutely, it is testimonial."
If I may take some minor artistic liberty and change the words without changing the scenario:
Consider a person on trial for murder, and the prosecution believes they wrote down where the body is buried on a piece of paper. The paper's got blood on it and was found next to a hatchet and duct tape. Gee shucks though, it's written in an ancient dialect of Silbo Gomero and they're the last person alive who speaks it. The prosecution would really love to have that evidence for their case. Can they make the defendant translate it for them?
Absolutely not, right? That's clear-as-day 5th amendment, if-I-translate-this-for-you-I'm-incriminating-myself territory.
It is the exact same concept with encryption. There is a piece of information unintelligible to an adversary (prosecutor), that the adversary believes (due to surrounding known evidence) would further their case. The only way to transform the information into something useful for the prosecutor is with the help of the defendant, using knowledge that exists only in the defendant's mind (password).
Asking the defendant to create the evidence against themselves (evidence that does not exist until the defendant creates it, mind you - not something like the contents of a safe where the physical evidence exists whether the defendant wills it or not) is a 100% textbook 5th amendment violation.
I really feel that if someone sees this any other way, they fundamentally misunderstand how encryption works. The documents the prosecution wants do not exist unless the defendant (re)creates them, and you can't ask someone to create evidence (testimony) against themselves (5th amendment, again).
If you stab people, you can wipe the blood off the knife. If you shoot someone, there was not a way to associate a projectile with a firearm. (Assuming the dubious merits of "firearm forensics".) Back in the good ol' 1780s, there's no presecutorial evidence to be gained by inspecting my safe because you cannot show that the knife/gun inside was the murder weapon.
Replace combination by password. Your example still works. If evidence is "locked" on an encrypted storage device and the password is in unencrypted plaintext form, it can be still used to "crack" the encryption without effort.
But could you force the suspect to tell you the safe combination in your example ?
It seems pretty clear the prosecution was trying to use this case to set a precedent that not producing a password means you stay in jail forever. That the accused is all but convicted for child porn makes it easy, from a PR standpoint, for the prosecution to play hardball. If it was a journalist or a whistleblower, amicus curae brief would be stacked to the rafters.
The government’s behavior on this is reprehensible, and, frankly, I’m more worried about abusive prosecutors than pedophiles.
Can you link me to an example of a false rumor Tech Dirt has spread?
EDIT: As danso points out, this issue probably wouldn't even have been reported by ars if Tech Dirt hadn't done the actual work of digging up the court documents, so complaining about the admittedly outraged tone of their articles is just petty.
his work "Justice as Fairness" "describes a society of free citizens holding equal basic rights and cooperating within an egalitarian economic system."
And this is braindead simple application of the Fifth Amendment. The courts are a joke.
Courts have come to different conclusions on both questions. Experts disagree on both questions. Even the precursor question (is requiring a defendant to provide the combination for a safe subject to the 5th Amendment?) is unsettled.
The court in this case came down on the side of treating the decryption key as a testimonial act, but avoided dealing with the 5th Amendment issues.
(2) is obviously false. You can't get to it without testimony, though, so too bad. This is the intention of the 5th.
The court avoided the 5th Amendment issues because, again, the courts are a joke.
(2) is not obviously false, because you're conflating two separate things: the encryption key and the contents of the encrypted device. Using the analogy of a locked safe: a picture taken by the defendant, for example, would be testimonial, but a picture taken by a third party would not. There's no way to know without actually reviewing the contents.
If you have a simplistic understanding of the law, it's easy to make black and white statements. But the law is not deterministic code, and has never worked that way.
So, whatever they have to do with the analogies, this decision cannot go the way the prosecutor wants it to.
The defendant was charged with child pornography offenses.
But there is a real concrete fact that the government wants to be able to imprison someone indefinitely, without a jury trial, for claiming not to know something when there is certainly a reasonable doubt about them knowing it.
The defendant was claiming to forget the encryption key to a device because it allegedly contained a massive trove of photos that would likely get him locked away in prison for life. Said device was one he had owned and used for years, including shortly before he was arrested and the device confiscated (based on testimony of his sister). It's not reasonable to believe that he just conveniently forgot his encryption key as soon as he was arrested, especially when forgetting the key was beneficial to him in the underlying proceeding.
However, it is very easy to imagine a situation where someone LEGITIMATELY cannot decrypt the device.
Yes, but this isn't that situation. And this ruling benefits that hypothetical person.
this decision cannot go the way the prosecutor wants it to.
We agree on that, but it didn't need to. The prosecution already had a strong case against him on the underlying criminal charges. They got what they wanted -- a deterrent to others trying to do the same thing just to avoid jail time.
This is incorrect. The judge could not have found Rawls in contempt if the judge was not satisfied that he intentionally failed to comply with the password disclosure order.
This much jail times ruins almost everyone, think of the mess it makes in your life /job/relationship /fiances. But I guess it beats doing xx years if you provide the passwords and evidence found there is used.
The next question is, if doing so immediately decrypts a file (e.g. a text file) which is a direct admission of guilt, can you plead the fifth against the decryption process itself, esp. if the government isn’t already aware that such a “guilt declaration” exists?
I'm pretty careful with that stuff but still it happened to me before.
> Man Who Refused To Decrypt Hard Drives Is Free After Four Years In Jail