Judge Says Giving Up Your Password May Be A 5th Amendment Violation

from the protect-your-data dept

Courts have gone back and forth over the years concerning whether or not being forced to give up your password to reveal encrypted data is a violation of the Fifth Amendment. Now there's been yet another decision saying that someone cannot be forced to give up their password, because it likely violates their Fifth Amendment rights.
This is a close call, but I conclude that Feldman’s act of production, which would necessarily require his using a password of some type to decrypt the storage device, would be tantamount to telling the government something it does not already know with ‘reasonably particularity’—namely, that Feldman has personal access to and control over the encrypted storage devices. Accordingly, in my opinion, Fifth Amendment protection is available to Feldman. Stated another way, ordering Feldman to decrypt the storage devices would be in violation of his Fifth Amendment right against compelled self-incrimination.
It's definitely a good thing to see courts getting this right. Being forced to give up your passwords and encryption is quite a slippery slope. It's good to see judges pushing back.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Rikuo (profile), Apr 26th, 2013 @ 3:34pm

    Just to spell things out for...certain people before they run their mouth off...

    The police had no solid evidence that the accused had owned the child porn. The hard drives may have been in his possession, but the police were unable to establish beforehand whether any child porn found on those drives was placed there by the defendant or by someone else. Basically, the only solid evidence (if there was any), at least in this case, was in the defendant's possession and obviously, as a man being accused of a crime, he didn't have to help those accusing him.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Avantare (profile), Apr 26th, 2013 @ 4:35pm

    Re:

    Absolutely agree.

    They have a crime which has been committed but are unable to gather substantial evidence to find a perpetrator they are able to bring charges against.

    The police are on a fishing expedition, nothing more.

    Don't get me wrong. Child porn is a heinous crime and must be dealt with severely BUT must be done in a professional, methodical way. This is not that way.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    BentFranklin (profile), Apr 26th, 2013 @ 4:41pm

    Absolutely! Allowing strong encryption is a direct consequence of your right to remain silent. That's one reason why encryption was allowed domestically but you were forbidden to export it.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Pseudonym, Apr 26th, 2013 @ 4:55pm

    Re:

    Yes, this is very important. The issue in this case is that the very act of producing a password would constitute solid evidence that the accused had access to the child porn. The police had no solid evidence of this, so compelling the accused to turn over a password would be compelled testimony against himself.

    The police can still compel you to turn over a password if they know beyond reasonable doubt that you know it, and they know beyond reasonable doubt what they'll find when they use it. That hasn't changed in this ruling.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Apr 26th, 2013 @ 4:56pm

    What would happen if the police found a file on your drive that they claimed was encrypted and then got a court order to get you to reveal the password, but instead you just stuck to your guns and said you have no idea what they are talking about?

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    That One Guy (profile), Apr 26th, 2013 @ 5:21pm

    Re:

    Then you get slapped with 'contempt of court', which is basically the legal way to coerce you to cooperate, and can involve pretty much unlimited jail time until you agree to do what they want you to.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Violated (profile), Apr 26th, 2013 @ 6:06pm

    UK

    I just wonder if such a self-incrimination reason would also apply here in the UK? They after all have a law that says if you don't hand over your password when asked then they will just stick you in prison for a few years anyway!

    Privacy = Prison.

    Maybe there is better hope under the EU Human Rights Act but I have yet to check.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    tracker1 (profile), Apr 26th, 2013 @ 9:21pm

    Search Warrant

    That is what search warrants are for, and I would presume that if a warrant were presented, then you should be compelled to turn over said password(s).

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    madasahatter (profile), Apr 26th, 2013 @ 9:27pm

    Re: Re:

    If they have proof one has child porn, such as photos in the person's possession then they do not need anything from the hard drive. At any rate the 5th Amendment still stands and the police are still on a fishing expedition.

    I hope the police are smart enough to use hash tags and not just the file name. One could rename a picture of a dog or cat to something sounding like child porn as bait.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    madasahatter (profile), Apr 26th, 2013 @ 9:31pm

    Re: Search Warrant

    Not quite, the warrant allows for gathering for later analysis of potential evidence. There is nothing stopping someone from trying to crack the encryption other than time. The argument can be made if the police have the hard drive they can try breaking the encryption and demanding the password is self-incrimination.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    madasahatter (profile), Apr 26th, 2013 @ 9:34pm

    Re: UK

    The 5th Amendment is a US idea to limit the ability of the police to go on fishing expeditions and to compel one to answer any questions. It was added in the Bill of Rights partly because of the American experience with British justice in the Colonial period was not to pretty.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Apr 26th, 2013 @ 9:56pm

    Re: Re:

    For sure!

    Plus if the person actually uses it correctly with installing multiple os there is no way to ever determine if it actually exist or not.

    If done correctly you could give them your password to a dummy os.

    Also people in these types of cases might have something else illegal on their system like software, music, or movies. So a person saying no to encrypt does not mean they're automatically guilty.

    If they wanted to go about this correctly IN THE CASES OF CHILD PORN ONLY.
    Give the person immunity for every other non related illegally downloaded file.

    They could be like if you let us search your drive and do not find child porn we will not use any other illegal file against you.

    Maybe not all but some of the suspects would most likely agree to a search in the case. Some would also turn it down even if they were not guilty but still.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Apr 27th, 2013 @ 5:18am

    considering how quickly judges usually are at making things that are part of your privacy an offence, it ;is good to see someone rule oe at least think the opposite. i wonder how long before the DoJ fight this?

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Violated (profile), Apr 27th, 2013 @ 7:52am

    Re: Re: UK

    I have been checking and the UK has law against self-incrimination under the "right to remain silent" which means you can refuse to answer questions posed by the Police or in Court.

    Be aware though that refusing to answer the Police and instead only revealing your defence in Court can be used against you if the Jury conclude that you used this delay to fabricate a story.

    In this regrade the best thing to tell the Police is that on "legal advise" you refuse to answer any questions. If you wish to be more forthcoming then it is best to have the Police submit questions in written form where these questions and your reply can be parsed through your lawyer. Just keep in mind that answering some questions and not others can be used against you as if you did have something to hide. So in general a blank refusal to answer questions is best and I could name 10 good reasons to validate this concept.

    This has been limited under law in some examples such as if you are arrested under Terrorism laws.

    Keep in mind that the Police can lie including trying to trick you out of your rights.

    The EU's Human Rights Act does not mention self-incrimination directly but separately the EU Court has found "the right to remain silent under police questioning and the privilege against self-incrimination are generally recognised international standards which lie at the heart of the notion of a fair procedure under Article 6"

    None of this addresses the fact that a UK law exists that directly says that if you refuse to hand over your passwords to the Police then they can stick you into prison for up to 5 years. Can this really violate the other?

    The Government grew tired of encryption hindering Police investigations where they made this law thinking that the only people who would want to face a default prison term would be dangerous terrorists and pedophiles.

    I will have to dig out that exact law but I am thinking though that this law is a "lie" that simply cannot he upheld when faced with international standards against self-incrimination. They are trying to compel you to talk and that is unlawful.

    This I believe is why as far as I am aware no one has ever gone to prison for this. The Police would much prefer to fool people into submission with their scare law than to have it challenged in Court and struck down.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous, Apr 27th, 2013 @ 9:19am

    Re: Re: Re:

    If CP was legal, we wouldn't have this problem...as far as CP goes, although I'm sure the government would concoct other excuses (the aforementioned software, music, or movies).
    Whatever a person wants to look at, watch, or listen to in the privacy of his own home should be none of the government's business.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Bergman (profile), Apr 27th, 2013 @ 10:37am

    Re: Re: Re:

    You can also use that to mess with a semi-savvy computer user.

    Label a totally legal image with tags that suggest illegality and email it to people.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    RonKaminsky (profile), Apr 27th, 2013 @ 1:45pm

    Re: Re:

    > BUT must be done in a professional, methodical way

    Unfortunately, just being accused of possessing child porn is more or less a social "game over". It's a shame that most people aren't technologically adept enough to understand that in this era of ubiquitous computing (and therefore, ubiquitous vulnerabilities), almost everyone could end up being (wrongly) accused. Personally, I'd back legislation that requires all investigations of such crimes to be "under seal", and which would severely limit the punishment for the crime if "somehow" this required secrecy was botched during the investigation (yes, I know that's not optimal, but I cannot think of any other way to motivate law enforcement properly).

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Richard (profile), Apr 28th, 2013 @ 7:14am

    Re: Re:

    The police can still compel you to turn over a password if they know beyond reasonable doubt that you know it, and they know beyond reasonable doubt what they'll find when they use it.

    In that case they would have a perfectly good case to take to court WITHOUT revealing the actual data....

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Apr 29th, 2013 @ 2:12am

    Re: Re: Re: UK

    there isn't actually a law, IIRC. the reason you have to turn over your passwords in the UK is because search warrants require the information to be turned over in an intelligible form. IOW, no encryption or obscure file formats.

    And the reason no-one has been prosecuted for it is actaully simpler: if they can prove you know the password, they can make inferences about the content of the file. Ergo, people are charged with the original offense, not with failing to provide the password

    not only that, but there are actually quite a few ways to get the passwords. (and, incidentally, using multiple partitions or OSes doesn't help you- they copy the entire physical disk to run their analysis on, so they WILL find what you're trying to hide.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Apr 29th, 2013 @ 3:01am

    problem- if there is no way to compel a password be turned over, then how do you avoid the situation where sufficiently strict encryption renders it impossible to prosecute a crime? Cryptanalysis might be good, but it can take ages, and there is no guarantee that you can break the encryption successfully- possible reasonable doubt that could see a criminal walk free.

    in short, it may be better to design protections for those forced to give up their passwords (like, for example, excluding the password from being evidence of guilt) than banning a requirement to turn over passwords.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Ninja (profile), Apr 29th, 2013 @ 4:04am

    Re:

    like, for example, excluding the password from being evidence of guilt

    Huh? So they can see the evidence and not use it? Then why bother?

    And honestly this falls under that stupidity of "if you haven't done anything wrong you have nothing to hide". I use encryption all the time and I've never done anything wrong but suppose someone falsely accuses me of possessing and distributing child porn. The burden is not on me to prove my innocence and I am not required to generate evidence against myself. The best the Govt can do is to try to break the "sufficiently strict encryption" I laid on my personal stuff which can be anything from only harmless stuff to me and my gf making out on camera.

    There are other means of verifying accusations such as wiretapping (with judicial warrants) and even operations with officials under cover. Forcing a password out by any means is not an option.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    btr1701 (profile), Apr 29th, 2013 @ 12:29pm

    Re:

    > The hard drives may have been in his possession,
    > but the police were unable to establish beforehand
    > whether any child porn found on those drives was
    > placed there by the defendant or by someone else.

    How did they even know there was child porn on them if they were encrypted/password-protected?

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    btr1701 (profile), Apr 29th, 2013 @ 12:32pm

    Re: Re:

    > The police can still compel you to turn over
    > a password if they know beyond reasonable doubt
    > that you know it, and they know beyond reasonable
    > doubt what they'll find when they use it. That
    > hasn't changed in this ruling.

    I suspect you don't know what you're talking about. "Beyond a reasonable doubt" is a jury standard that has to be met by the prosecution at trial. It has nothing to do with the police and the standards by which they conduct their investigations.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    btr1701 (profile), Apr 29th, 2013 @ 12:42pm

    Re: Re:

    > Then you get slapped with 'contempt of court',
    > which is basically the legal way to coerce you
    > to cooperate, and can involve pretty much unlimited
    > jail time until you agree to do what they want you to.

    That only works when there's undeniable proof that the defendant *can* produce what the government is requesting.

    Unless the government can prove that you have the password and are refusing to provide it-- that you haven't forgotten it, that you purposely never learned it, etc.-- they can't keep in you jail forever based on that.

    The key concept behind these kinds of contempt rulings is that "the defendant has the keys to his own jail cell". In other words, he can let himself out at any time. All he has to do is cooperate. If the defendant actually *can't* let himself out because he doesn't have the information the government wants, then the contempt charge is invalid and if his lawyer can show that on appeal, the trial court's contempt order will be overturned.

    Still and all, while you can theoretically be subject to indefinite incarceration for contempt, no jailing for contempt in America has ever gone beyond a couple of years, and that's at the extreme. So if I was a defendant and knew that I had stuff on my computer that would send me to the state pound-you-in-the-ass penitentiary for 10-15 years, I'd take two years in the county jail for contempt every time and leave the evidence encrypted where the government couldn't get to it.

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    btr1701 (profile), Apr 29th, 2013 @ 12:46pm

    Re:

    > if there is no way to compel a password be
    > turned over, then how do you avoid the situation
    > where sufficiently strict encryption renders it
    > impossible to prosecute a crime?

    Same way you handle any other case where you can't find enough evidence to convict without violating the Bill of Rights.

    The defendant walks free.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jun 4th, 2013 @ 9:10pm

    Re: Re: UK

    It was originally in the magna carta..

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Froibo, Jun 4th, 2013 @ 9:12pm

    Re: Re: UK

    It was adopted from the Magna Carta...

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Unknown, Mar 19th, 2014 @ 9:56am

    Re: Search Warrant

    no becuse we have the right not to incriminate our self by giving them the info its like just saying it to the judges face i did this and you made me say this.... know he does not have to incriminate him self by doing that so a warrants.... would you want to hand over any ove your password to the government, but he's guilty because he wont open his computer so that means he's either a very priavate person or he gots some bad things on there! Hope this helped you out....

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This