A U.S. Court of Appeals has upheld your right to remain silent about the key to your encrypted hard drive:
The 11th Circuit Appeals Court has issued an important ruling on the question of whether or not a defendant can be forced to decrypt a hard drive when its contents could provide additional incriminating evidence. The case in question refers to the actions of a John Doe who was compelled to testify before a grand jury in exchange for immunity from prosecution. Doe was ordered to decrypt the contents of his laptop as part of that testimony, but was told that his immunity would not extend to the derivative use of such material as evidence against him. Doe refused to decrypt the TrueCrypt-locked drives, claiming that to do so would violate his Fifth Amendment right against self-incrimination.
The 11th Circuit’s ruling reverses the lower court's decision to hold Doe in contempt and affirms that forcing him to decrypt the drives would be unlawful. It also states that the district court erred in limiting the immunity it granted Doe to only apply to grand jury testimony and not the derivative use of the evidence in question. The ruling on misapplied immunity means that the 11th Circuit could’ve punted on the Fifth Amendment issue, but the court opted not to do so.
The applicability of the Fifth Amendment rests on the question of what the government knew and how it knew it. Federal prosecutors admitted at trial that while the amount of storage encrypted exceeded 5TB, there was no way to determine what data was on the hard drive — indeed, if there was any data whatsoever. Plaintiffs were reduced to holding up numerical printouts of encryption code that they said “represented” the data they wanted, but were forced to admit that there was no way to differentiate what might be illegal material vs. legal.
The question at hand is whether or not decrypting the contents of a laptop drive is testimony or simply the transfer of existent information. The court acknowledges that the drive’s files are not testimony of themselves, but writes “What is at issue is whether the act of production may have some testimonial quality sufficient to trigger Fifth Amendment protection when the production explicitly or implicitly conveys some statement of fact.” (emphasis original)
Previous court cases have established that merely compelling a physical act, such as requiring a defendant to provide the key to a safe, is not testimonial. Actions are also non-testimonial if the government can invoke the “foregone conclusion” doctrine by showing with “reasonable particularity” that it already knew that certain materials or content existed.
By decrypting the drives, Doe is admitting “his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” The court dismisses the argument that the contents of Doe’s hard drives are a foregone conclusion, noting that “Nothing… reveals that the Government knew whether any files exist or the location of those files on the hard drives; what’s more, nothing in the record illustrates that the Government knew with reasonable particularity that Doe was even capable of accessing the encrypted portions of the drives.”
“The Government has not shown, however, that the drives actually contain any files, nor has it shown which of the estimated twenty million files the drives are capable of holding may prove useful… we are not persuaded by the suggestion that simply because the devices were encrypted necessarily means that Doe was trying to hide something. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.”
The strength of this decision is the balance it strikes between the rights of the government and the individual. Rather than focusing on the nature of the pass phrase defendants are ordered to provide, it emphasizes the issue of what the prosecution knows and how it learned it. If the prosecutors had had sufficient data to indicate that illegal materials were stored on Doe’s hard drives, forcing him to testify would’ve been valid under the foregone conclusion principle.
The decision is noteworthy for the nature of Doe’s alleged infraction. Doe was called before the grand jury to testify because an IP address corresponding to multiple hotel rooms where he stayed was found to have accessed child pornography via YouTube. Child pornography is a despicable crime, but deriving legal precedents from a desire to punish someone makes for lousy jurisprudence. The 11th Circuit decision heaps no small amount of scorn on the district court’s attempt to immunize Doe’s testimony without immunizing the defendant, deriding it as akin to asking for “manna from heaven,” in which squeaky-clean testimony mysteriously appears on the courthouse steps without any troublesome questions into how it was obtained.
This decision doesn’t make it impossible for the government to use the contents of an encrypted drive, but it requires that the prosecution demonstrate a knowledge of the contents and data contained therein before being allowed to issue a blanket demand. It’s a fair call, and given the increasing number of similar cases, an important one.
This is very important as more and more poeple encryt their computers using free encryption software like TrueCrypt. Not only can the government not break in to an encrypted computer with a good encryption key, they also can't force individuals to turn over the key.
UPDATE: TrueCrypt has fallen into disfavor since this blog post was published, although it still works for many functions. Here are some alternatives to TrueCrypt: https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/