Your Encryption Key Is Protected By The Constitution?

from the can't-incriminate-yourself dept

In an interesting case up in Vermont, a federal judge has ruled that someone accused of a crime cannot be forced to reveal his or her encryption key, as it would be a violation of the Constitution's 5th Amendment, saying that an individual cannot be forced to self-incriminate. In an age where encryption is becoming increasingly popular, expect to see other cases of this nature. It seems likely that a case like this one (if not this one itself) will eventually wind up before the Supreme Court to determine whether or not someone can be forced to give up his own encryption key. Where it gets tricky is the question of whether or not the key itself incriminates the person. As the article notes, a person can be forced to give up a key to a safe that contains incriminating evidence, which many say is analogous to this situation. In the meantime, though, we've already seen cases where people are presumed guilty just because their computers have encryption software installed -- so, it may not matter whether or not the key is provided when the presence of PGP alone is viewed as incriminating.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Haywood, Dec 17th, 2007 @ 7:21am

    I have a hard time accepting that

    "people are presumed guilty just because their computers have encryption software installed"
    Does that mean if I lock my doors I'm assumed to be doing something illegal inside?
    Suppose I just want to keep the grandkids out of my porn?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    jhunter, Dec 17th, 2007 @ 7:27am

    5th ammendment

    So... if I make my password an admission of some crime then they couldn't make me give it up.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Haywood, Dec 17th, 2007 @ 7:33am

      Re: 5th ammendment

      OJ's password is; I_DID_IT

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Matt, Dec 17th, 2007 @ 8:59am

      Re: 5th ammendment

      I know the comment about the password being an admission of some crime was at least partially facetious, but it's an important point. While the key to a safe can only, forever, be some sort of physical key-type of object, a passphrase can be literally anything, from "sodighwreg456725$##" to "I am a filthy paedophile and all the kiddy porn on this laptop belongs to me" (as an example). The former could be given up freely, the latter, not so much, and there's no way for the state to know which it is until it's given up. If it is the latter (or something similar), than I can't really see how you couldn't give 5th amendment protection (despite the fact that it's almost certainly a clever way to ensure just that).

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    anon, Dec 17th, 2007 @ 7:38am

    And your constitution is protected by...?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    UniBoy, Dec 17th, 2007 @ 7:53am

    Protection of constitution

    @anon

    Actually, the Constitution is protected by the full strength of the U.S. military, whose officers are sworn to support and defend *it*.

    One can hope that the vast majority of said officers take that oath seriously, and can tell when *its* authority is being usurped by mere politicians...

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Richard Ahlquist (profile), Dec 17th, 2007 @ 8:52am

      Re: Protection of constitution

      Actually the people of the US and the Constitution are protected by the military. The people of the US by virtue of the power of the second amendment also protect the constitution from the government when needed. If you doubt that read what Thomas Jefferson has to say about overthrowing the government sometime ;)

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 17th, 2007 @ 8:26am

    Funny, I don't see the military stepping in now to prevent the Constitution from being turned inside out. Why are they not protecting it right now from team Bush?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    slimcat (profile), Dec 17th, 2007 @ 8:37am

    The rule makers

    President George W. Bush said of our Constitution: "It's just a goddamn piece of paper." Google it yourself.

    Those in charge make the rules and the rule benefit only those in charge. One day, hopefully, this will come to an end.

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    mQGiBEdbHE0RBADEEtnxrVLK9ocQonX8zVP4hUejy/C89RnuHLL7dXDF35XqEt1b
    lVsuvzG7YTX2aFqZNkQ v1nZO8InpwT3KXrADzbGb6otkSo4vA8C0fq+IqNi2KJ9R
    FYtGKDvFnvp90iAn1fDqT7jXiNkKpDdp9CPBsHbIHS/XgpAiZqdCD eaXOwCg6uvt
    2ZJhPyNNPzWuux63zx5HZXsEAIb6CXLwch38vsDt8Big4XRWpBOUtUTQZlxd6XSt
    U9pdSY0WBnzFjtA4ahSnZ aLoHjs5/kyjv1z/H1MuDstcZ8AnkoINWnT1ozviPiup
    T8mWS15NYCSj46Oqc/ztrNeyhPFOhXg6ZxNEY/4zM9vqSz+F+pIZu0F OVKKFdVVq
    w/YCBACHWjrtl2uAmVhbOCRc9hQz9sNbkk9F+OWgKcrEJliXmCcXDQRfhQ3JN1FH
    EleuapuUFTV7Wke+IkNjP5C fwRWmIQTgWKpHPOef1K6YgRr+bhPJjXMiRjXRuBUm
    OvngPsbZgb0MS2Ajy/3bmLMUijKZmNjrlmyPC1eYjWSbJXRh17QpUm9ia W4gU21p
    dGggKGdlbnVzZSkgPGZ1ZWdvNDUxQGdtYWlsLmNvbT6IYAQTEQIAIAUCR1scTQIb
    IwYLCQgHAwIEFQIIAwQWAgMBA h4BAheAAAoJEDyNrB0qhmTxT3UAnRs/tDQi8KFQ
    DAeBDYN1UzcenWvJAKCKsgrsCg0/QoGFTmYht7eipK3aD7kBDQRHWxxQEAQ AlYAr
    WXRkbfMgmWI3UljoMSQpkGB0x3ZPqjC/gExzrXVlGeTBm3C40mg0oFZrNHKlWMCi
    smt3oVyEwOrP9ngeUnunk2PddxK dznw9gRGQjzByDgXwd2oQtJiL94l5Jy76KZfX
    bHdPZl8Y67thCgSMCO4pvWKZuAkllW8EvXFv7XsAAwUD+gOJKZsHPpCXCtPi7 1Fy
    Fe6+NyHZI1Sb/cXIQtCShHeciKihuDIcUqCyEEqFEBzm5f8H6Axny01tUe0Y/01Z
    wDuTVJB2wTIHO9G0JAuSuUWsD3Pgc wX8ALMhm+9eoym4vcaI9WY3zg7hQiijH1p2
    2+4QKvHNvcJ7VW6tVAja4/UYiEkEGBECAAkFAkdbHFACGwwACgkQPI2sHSqGZPG R
    ZwCdH73m8BnlmJM8BsSwKNLFR69+g+0AmwaFSaIQOSAqCtyzTM0KuTCW0OsT
    =NlOY
    -----END PGP PUBLIC KEY BLOCK-----

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Killer_Tofu (profile), Dec 17th, 2007 @ 8:45am

    Bush also ..

    .. said on more than one occasion that his job would be much easier if, and he would prefer it if, the US was just a dictatorship.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Kelly Martin, Dec 17th, 2007 @ 8:50am

    Combination locks

    It's established law, IIRC, that you cannot be forced to give up the combination to your combination lock because that would require an utterance. The same goes for the passphrase to a private key. The key itself they can have, but not the passphrase required to use it. It's not the key that's the issue; it's the passphrase. Moral of the story: use passphrases on your private keys, and don't write them down anywhere.

    The difference between a safe combination lock and a digital private key is that a safe's lock can be circumvented in a reasonable timeframe. A digital private key encrypted with a strong passphrase and nonreversible encryption, not so much.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      BTR1701, Dec 17th, 2007 @ 10:53am

      Re: Combination locks

      > you cannot be forced to give up the combination
      > to your combination lock because that would
      > require an utterance

      An utterance isn't the standard involved. It's well-established in consitutional law that requiring people to participate in voice line-ups and/or provide vocal samples for technical analysis does not violate the 5th Amendment, even though such things require an utterance.

      The difference is that a voice sample is not testimonial. The police aren't using what you say as evidence. They're using the unique qualities of your voice as evidence, just like they would fingerprints. The words are irrelevant, hence constitutional.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 23rd, 2008 @ 4:15pm

        Re: Re: Combination locks

        The difference is that a voice sample is not testimonial. The police aren't using what you say as evidence.
        Hmm, so they can make you talk as long as they don't use your actual words as testimony? For example, they could force someone to tell what happened and reveal where other evidence can be found and then use that other evidence but not the actual statement in court. In that case it sounds like water boarding could become a primary investigative tool.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Sanguin Jay, Dec 17th, 2007 @ 8:52am

    RE: Your Encryption Key Is Protected By The Consti

    I have read about a few cases where having encrypted information on your hard drive was the only evidence but that is such flimsy evidence cause that encrypted data could or could not be illegal or could or could not be relevant in the case. So if you have data that is or could be illegal your better off encrypting it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Russ, Dec 17th, 2007 @ 9:19am

    Lock Combo

    I think Kelly has the issue. There is a difference between a physical key and a combination. The pwd is a combination, not a key.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ben, Dec 17th, 2007 @ 9:20am

    Testifying

    I think the point about the passphrase is that giving it up is tantamount to testifying against yourself. Whilst giving up the physical key to a safe that contains incriminating evidence is essentially self-incriminating it is not doing so by testifying against your self which is what i beleive the 5th amendment protects against. Where as if the safe has a combination lock you could claim the 5th as giving up the combination amounts to testifying against your self.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Russ, Dec 17th, 2007 @ 9:28am

    Consitiution

    Uniboy, et al

    If you had any understanding of the military in their constitutional role you would not be posting such blather.

    The military is not a political organization, it does not make decisions with regard to constitutional issues. That is the role of the SC. The Military was placed under control of civilians, subordinate to duly elected officials.

    To complain about your elected officials is your 1st amendment right. To advocate the violent overthrow of the government is sedition.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Russ, Dec 17th, 2007 @ 9:33am

    Testifying

    Ben

    The twist on that is the password itself is not incriminating, but the files that it opens may be. So is the pwd protected or not?

    For the SC to decide.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Ben, Dec 17th, 2007 @ 9:44am

      Re: Testifying

      I thought the point was that you can't be made to testify against yourself IN CASE you incriminated yourself. How can someone determine whether or not something is incriminating without revealing the evindence, as previously mentioned his pass phrase could well be "I download kiddy porn" as far as the feds know.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Killer_Tofu (profile), Dec 17th, 2007 @ 9:36am

    Sedition

    Like 18th century sedition?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    thor, Dec 17th, 2007 @ 9:58am

    save evidence until a supercomputer cracks it

    save evidence until a supercomputer cracks it

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    BTR1701, Dec 17th, 2007 @ 10:57am

    Compelled Production of Passwords

    Being a cop myself, I nevertheless tend to side with the judge on this one. People shouldn’t have to help the government make a case against them. Besides, this is just like trying to compel someone to produce a voice sample— what happens if the court orders him to produce the password and he still refuses? Hold him in contempt? Big deal. If he’s facing 10 years on a child porn charge and he knows that if he produces the password, they’ll have the evidence to convict him, a few months in the local jail on a contempt charge is by far the better deal.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Infestedtassadar, Sep 28th, 2009 @ 2:17am

      Re: Compelled Production of Passwords

      by BTR1701
      "Being a cop myself, I nevertheless tend to side with the judge on this one. People shouldn’t have to help the government make a case against them. Besides, this is just like trying to compel someone to produce a voice sample— what happens if the court orders him to produce the password and he still refuses? Hold him in contempt? Big deal. If he’s facing 10 years on a child porn charge and he knows that if he produces the password, they’ll have the evidence to convict him, a few months in the local jail on a contempt charge is by far the better deal."

      Plus not be labeled as a pedophile, in this case anyhow. Should of used Truecrypt. Wouldn't even get to the point of an arrest, much less contempt, or an actual conviction. This is from truecrypts Documentation:


      It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

      The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

      http://www.truecrypt.org/docs/
      under
      Plausible Deniability
      Hidden Volume

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Cynic, Dec 17th, 2007 @ 11:29am

    I find it ironic that I think of myself as a conservative, (at least I voted that way for a couple decades) but of late have had to vote with the other US party because I am trying to "conserve" what makes this country special (to me at least). When I was young, a long time ago, both sides of the aisle seemed to feel the rule of law and justice was important (variances in that belief did not seem to line up with party, at least). So I voted over things that were matters of opinion and gave my support to those who seemed to agree. Now it seems I am having to throw my weight on the side of the Bill of Rights while other important issues (like my children's and grandchildren's economic future) get less attention. I applaud the judge for their decision, and BTR1701's insightful understanding that in the US it is a long standing precedent that everyone is presumed innocent until proven guilty by the state.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Killer_Tofu (profile), Dec 17th, 2007 @ 11:43am

    Re 21 Citations & 22 BTR

    http://www.buzzflash.com/analysis/2002/10/29_Dictator.html
    Google is a wonderful thing.
    Its so easy to use, you should try it sometime.
    But there you go.
    3 different times he mentioned it (one was off handed joking but saying it other times you gotta wonder).

    Feel free to puruse these as well.
    http://politicalhumor.about.com/library/blbushisms.htm

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    zcat, Dec 17th, 2007 @ 11:59am

    It's only sedition if you try, and fail...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Old_Paranoid, Dec 17th, 2007 @ 12:27pm

    cryptographic protection

    The assumption of guilt due to installation of special purpose crypto software is going to be a bit harder if your OS provides good crypto support. Microsoft includes bitlocker for systems with a TPM 1.2 chip in the Enterprise and Ultimate SKU's. If this is appropriately configured, it will give very good protection, and it is part of a broadly distributed OS. Clearly, other OS's have or will have similar support.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      nunya, Dec 17th, 2007 @ 1:44pm

      Re: cryptographic protection

      Given the choice between OSS and an MS solution, which would you really prefer?

      Who is to say that MS doesn't have a means of breaking the code and handing over the info to whoever requests it?
      When I read their licenses, it sounds to me that is exactly what they have the "right" to do with software you license from them and the information they gather from you.

      I think if it comes down to real security, I'm going with an OSS solution. At least I can look through the code for anything that looks like a backdoor or skeleton key.

      This kind of goes back to the companies that forget or ignore the governments keyloggers and trojans in their security software.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 23rd, 2008 @ 4:23pm

      Re: cryptographic protection

      Do a search on Microsoft NSA_KEY.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Ehh, Dec 17th, 2007 @ 12:32pm

    Encryption: heh

    Well, If having encryption is considered to be increminating, then I would have to say, woowhoo!!! that finally means that credit card companies need to stop using it.. It makes us look guilty of fraud...?

    On a side note: what if you work in a security concious environment that requires any VPN users to use PGP for files directly related to their job, and in that case should the government get an injunction to decrypt said cryptainer, at that point you are protecting your company and it's assets regardless of what else is encrypted.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Rich Kulawiec, Dec 17th, 2007 @ 3:15pm

    Re: cryptographic protection

    Nunya's got it right -- software that hasn't been independently peer-reviewed can't be trusted to perform any functions, let alone security-critical ones such as encryption. As we've seen (over and over and over again), it's very difficult to implement correctly-functioning software even with enormous amounts of peer review; without it, it's hopeless.

    My way of explaining this is "closed-source is faith-based security".

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Russ, Dec 17th, 2007 @ 8:10pm

    Specifics of the case

    I know everyone is getting wrapped up on the principals behind this case but let's not lose the sight of the fact that it will likely be decided on the particulars.

    Note that the CP was observed by a an official BEFORE the cryto kicked in. That may or may not be the deciding factor.

    The SC has a tendency to decide on very narrow grounds, the days of the warren court are long gone. No penumbras likely to be found here.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Shun, Dec 17th, 2007 @ 10:25pm

    In Soviet Union...

    Secret Key encrypts you? OK, seriously. Let's turn this around to the boogeyman hypothetical situation that we all like to pick on.

    Let's pretend that you are a political dissident in China. You have been caught sending seditious PGP-encrypted messages to people outside of the country (how do we know they are seditious? Because they are encrypted, of course.) We brutally pull you into detention and check your hard drive. Lo and behold, you have further encrypted files on your hard drive! Incredible! Treason! Now, let's just pretend that the Chinese government magically gets something like the 5th Amendment, the Supreme Court, and something approaching the rule of law.

    How would any citizen of any country react to this situation? Wouldn't we be outraged that a citizen was being oppressed for "possible crimes against the state"? Crimes that could not be proven, except by torturing the secret key out of the person? Stop me when this starts to sound familiar.

    See, PGP was not created for the express purpose of hiding the communications of people in Burma and China, exclusively. Any political dissident, anyone with an opinion contrary to the opinions held by those currently in power, and basically anyone who values his/her privacy, has the right to encrypt.

    If the government has independent proof that I or anyone else has committed a crime, let the government present that evidence. Seizing and fishing through a laptop is a cop-out. It's lazy police work. If a crime has been committed, and anyone is arrested in connection to that crime, you'd better have great evidence that connects this crime to this person. Otherwise, you have to let that person go.

    Sorry, but your person is a better criminal than you are a cop. You'll just have to catch that person when they commit their next crime. Sounds harsh? So does false imprisonment, and holding political prisoners. The U.S. criminal justice system was originally set up so that it was given that some criminals would go free. As long as no innocent person was placed in prison, this was considered an acceptable price. Now, with our "Law and Order" folks running around, the balance has shifted. Now, you're "guilty until proven innocent" and even then, you're innocent only if you can afford an expensive lawyer.

    You absolutely have the right to remain silent. There is no God or Government that can compel you to speak. If they use torture, coercion, "harsh methods" of any sort, you've just proven that the authorities have zero moral (and legal) legitimacy. Also, you can just claim that you forgot your password. Hey, the "I don't remember" excuse worked for Reagan. Turns out he, at least, was telling the truth.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Killer_Tofu (profile), Dec 18th, 2007 @ 5:05am

    The "I Don't Remember"

    Also worked quite well for Gonzales. Just to use a much more recent example.

    Very well said Shun.
    I agree with your argument.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    JR, Apr 23rd, 2008 @ 1:26pm

    Encrypted Corporate Hard Drive

    I work for a multi-national corporation that deals in sensitive financial information. It is a policy that all laptops must have encrypted hard drives in case a machine is lost or stolen. I have to type in my key to boot it up. Will a "search" require me to cough-up the password just to boot the machine?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Andrew Yu-Jen Wang, Mar 4th, 2009 @ 8:50pm

    Speaking of George W. Bush:

    George W. Bush committed hate crimes of epic proportions and with the stench of terrorism (indicated in my blog).

    George W. Bush did in fact commit innumerable hate crimes.

    And I do solemnly swear by Almighty God that George W. Bush committed other hate crimes of epic proportions and with the stench of terrorism which I am not at liberty to mention.

    Many people know what Bush did.

    And many people will know what Bush did—even to the end of the world.

    Bush was absolute evil.

    Bush is now like a fugitive from justice.

    Bush is a psychological prisoner.

    Bush has a lot to worry about.

    Bush can technically be prosecuted for hate crimes at any time.

    In any case, Bush will go down in history in infamy.

    Submitted by Andrew Yu-Jen Wang
    B.S., Summa Cum Laude, 1996
    Messiah College, Grantham, PA
    Lower Merion High School, Ardmore, PA, 1993

    “GEORGE W. BUSH IS THE WORST PRESIDENT IN U.S. HISTORY” BLOG OF ANDREW YU-JEN WANG
    ______________________
    I am not sure where I had read it before, but anyway, it is a linguistically excellent statement, and it goes kind of like this: “If only it were possible to ban invention that bottled up memories so they never got stale and faded.” Oh wait—off the top of my head—I think the quotation came from my Lower Merion High School yearbook.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mike, Nov 18th, 2009 @ 6:44am

    An interesting note to this is that while you cannot be forced to give any passwords that would unencrypt your data and potentially incriminate you, the government can bring in their uber hackers to simply crack your encryption software and forcefully extract data that may incriminate you. Seems kind of contradictory, don't you think?

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This