DOJ Asks DC Court To Compel Decryption Of Device Seized In A Capitol Raid Case

from the be-careful-what-you-ask-for dept

The DOJ is testing some waters it may not want to be troubling, not with hundreds of prosecutions stemming from the January 6 Capitol raid on the docket. It has asked the DC court to compel a defendant to decrypt his laptop so the FBI can search it for evidence. (h/t Marcy Wheeler)

The government is seeking an All Writs Act order [PDF] forcing the alleged device owner to unlock the device using either his face or his passcode.

The government respectfully moves for an order compelling the defendant to produce a critical piece of evidence – his Microsoft Surface Pro laptop computer – in an unencrypted state. The government proposes a two-step process: First, the defendant should be ordered to place his face in front of the computer’s camera, so that the computer can be biometrically unlocked. Second, if the biometric attempt does not unlock the computer, the defendant should be ordered to type his passcode or PIN into the computer.

Having failed to obtain consent, the government is now hoping to achieve this by force. This isn’t a particularly wise idea considering how many cases it’s currently juggling in this circuit. If the court decides this violates the Fifth Amendment, it may negatively affect other prosecutions involving secured devices.

The government argues there’s no Fifth Amendment issue here.

The requested relief would not violate the defendant’s Fourth or Fifth Amendment rights. With respect to the Fourth Amendment, there is only minimal intrusion on the defendant’s privacy, and there is probable cause that the defendant’s face can unlock the Subject Device (and lead to the recovery of relevant evidence). With respect to the Fifth Amendment, Reffitt’s entering his password into the Subject Device does not violate his privilege against self-incrimination, because his act of production would not be testimonial, since the only potentially testimonial component implicit in his act of producing the unlocked/unencrypted device is a foregone conclusion.

This will come down to what the court feels the phrase “foregone conclusion” actually means. While the act itself (either presenting biometrics or providing a passcode) isn’t necessarily testimonial, it does give the government access to evidence that might be used against the person being compelled to grant access to this information. At least one court has found that entering passwords and providing evidence are basically the same thing, since the first naturally leads to the latter. The government has no interest in the password, even though that’s what it is seeking to compel. It’s interested in what having that password entered will provide.

If the only foregone conclusion the government needs to have in its possession is who owns the computer, obviously compelled decryption will help establish ownership. The government appears to know whose computer it is. The Surface Pro targeted by the proposed order displays the name of the defendant (Guy Reffitt) on the screen when opened. And, despite Reffitt (initially) telling investigators otherwise, one of Reffitt’s family members confirmed it belonged to the defendant.

Having that much information on hand might be enough to compel decryption if the court decides the only foregone conclusion the government needs to reach is the most likely owner of the device it’s seeking to unlock. But if the foregone conclusion bar is set higher — a likely source of criminal evidence — things will get much more difficult for the government.

The government is basing this request on the theory that recordings captured at the Capitol by the suspect’s helmet-mounted camera were moved to the laptop for storage prior to their deletion from the camera. However, the government seized multiple devices from the defendant’s home, including three phones, two other laptops, and one desktop computer. Most of those have been searched already and determined they don’t hold any relevant data.

The government is assuming — based on statements by family members who viewed recordings on that device — that’s where the recordings it is seeking are now located. But it won’t know this until after it performs a search. And it can’t perform a search until the device is unlocked. This assumption is credible, but the files could have been uploaded to the cloud and viewed on the device, which means the files the government concludes (in a foregone way) must reside on the laptop possibly aren’t actually there.

If the court decides the government doesn’t have more than a hunch at this point, it may deny this order. And it may decide to lay down some Fifth Amendment ground rules that eliminate compelled production as an option. This is a roll of the Constitutional dice the government may later regret — a rerun of its failure to compel decryption assistance in the San Bernardino case. But if it goes the other way, it will become that much easier for the government to pursue prosecutions in a district that handles an outsized portion of the DOJ’s cases.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Asks DC Court To Compel Decryption Of Device Seized In A Capitol Raid Case”

Subscribe: RSS Leave a comment
This comment has been deemed insightful by the community.
That One Guy (profile) says:

Having it both ways

As noted the point of compelled decryption is not the password it’s what the password allows access to, something that should always be the first consideration for cases like this when it comes to the fifth.

The government wouldn’t be asking for forced decryption if they didn’t think that what was on the device wouldn’t be of use for them, and given this is a prosecution the use is pretty obviously against the person who would be decrypting the device so the idea that this wouldn’t involve self-incrimination is an idea that really doesn’t hold up as they are trying to force the defendant to provide potentially self-incriminating evidence that the government doesn’t currently possess.

AricTheRed says:

Re: Having it both ways

Perhaps having it only one way is the goal in this case?

If the family members have testified or given evidence that the vides WERE ON the device, perhaps the gubbment is trying to prove that they are NO LONGER on the device so they can charge the person with destruction of evidence.

It is not often WHAT YOU DID that they get you for, but WHAT THEY CAN GET YOU FOR that they end up getting you for…

Scary Devil Monastery (profile) says:

Re: Having it both ways

"The government wouldn’t be asking for forced decryption if they didn’t think that what was on the device wouldn’t be of use for them…"

Although the general trend of your argument is right, this particular sentence isn’t. The DoJ helmed so long by Bill Barr will look at a person and decide that since he’s wearing pants he must have something to hide. And that a refusal to strip must mean he has tattooed the detailed plans of overthrowing the government on his dick.

Anonymous Coward says:

Unless the government already has the video they desire and is certain that another copy of that video resides on that computer, then "forgone conclusion" isn’t valid. I will agree that it’s a "forgone conclusion" about who owns the computer. But as others have already said, the government doesn’t actually care about the password. The government is more concerned about the pool that’s locked up and wants the pool unlocked so it can go fishing.

Nathan F (profile) says:

The requested relief would not violate the defendant’s Fourth or Fifth Amendment rights. With respect to the Fourth Amendment, there is only minimal intrusion on the defendant’s privacy,

I’m sorry what? What kind of stuff is that guy smoking because I’m almost sure there is as much or more personal information on that laptop then he might have on his phone.

sumgai (profile) says:

Re: Re: Re: Re:

The fundamental difference is who is unlocking it. Your file cabinet analogy fails because the government can open the file cabinet [in some manner] without the defendant doing it for them.

No, the locked file cabinet still has the same protections – it needs a warrant of compulsion, too. Even if most folks don’t keep their personal lives in the filing cabinet (they more often used a Rolodex… look it up), there is still the bit about privacy that’s pretty much set in stone, aka 4A and 5A.

Upstream (profile) says:

Dead horses and already settled law?

I thought that the basics of this issue had been settled long ago: That one can be compelled to produce something one has, like a key, a fingerprint, or their face, but that one cannot be compelled to produce something that one knows, like a safe combination, computer password, or encryption key.

This has always been the reason given for making sure your phone (or computer, or whatever) cannot be unlocked with biometrics alone if you want to have any chance at all of the government not being able to access it’s contents.

Of course, if the government can get into your safe, phone, computer, or whatever without the combination or password, etc, you are still out of luck, but at least the combination lock or password protection add a degree of difficulty to the task.

Isn’t this just another example of the government trying to breathe new life into a long dead horse, and hoping no one will notice the horse’s miraculous recovery?

This comment has been deemed insightful by the community.
That One Guy (profile) says:

Re: Re:

It seems to me that making someone provide a password to access a computer would not violate the 5th.

If the device has potentially incriminating evidence that the government doesn’t already have I don’t see how it wouldn’t be a violation, as you’re forcing someone to provide evidence that will be used to incriminate them, that it might take one extra step really doesn’t change the underlying act.

Forcing a defendant to tell them what files they have on the computer would be a different story.

The two are effectively indistinguishable though, whether you tell someone or not what’s on your computer if you give them access to it they can find out themselves, the only real difference is time so if you’re against the latter you really shouldn’t be in favor of the former either.

Smartassicus the Roman says:


It’s a bit out of date but there is a patch for LUKS encryption (Linux) that will add a ‘nuke’ password. If you enter the nuke password at the PW prompt the encrypted keys held in secret keyslots are deleted and unless you have a backup of the keys it can never be decrypted.

Before anyone goes off and does this, be warned: LUKS stores the keys in a location known only to the system. On a SSD, sometimes the drive moves data around to different locations transparently. If the drive moves a key to a new location, you’re screwed. That’s why I quit using LUKS, period.

Anonymous Coward says:

That proves why you need to use "booby trap" mode, if available

This is so that if there are too many failed password attempts,. the device wipes itself and resets.

That is what I have my phones set to, as part of "insane cop proof mode"

There is no criminal statute you can be prosecuted under if they make too many failed password attempts and the device wipes itself. If they trigger to auto-wipe if there are too many failed password attempts, that are just SOL.

There is no law in any of Mexico’s 31 states, America’s 50 states, Canada’s 14 provinces, or at the federal level in those countries you can be prosecuted under if the cops cause a wipe and reset if they make too many failed password attempts.

If your device has a "booby trap" function, use it!!

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...