DOJ Asks DC Court To Compel Decryption Of Device Seized In A Capitol Raid Case

from the be-careful-what-you-ask-for dept

The DOJ is testing some waters it may not want to be troubling, not with hundreds of prosecutions stemming from the January 6 Capitol raid on the docket. It has asked the DC court to compel a defendant to decrypt his laptop so the FBI can search it for evidence. (h/t Marcy Wheeler)

The government is seeking an All Writs Act order [PDF] forcing the alleged device owner to unlock the device using either his face or his passcode.

The government respectfully moves for an order compelling the defendant to produce a critical piece of evidence – his Microsoft Surface Pro laptop computer – in an unencrypted state. The government proposes a two-step process: First, the defendant should be ordered to place his face in front of the computer’s camera, so that the computer can be biometrically unlocked. Second, if the biometric attempt does not unlock the computer, the defendant should be ordered to type his passcode or PIN into the computer.

Having failed to obtain consent, the government is now hoping to achieve this by force. This isn't a particularly wise idea considering how many cases it's currently juggling in this circuit. If the court decides this violates the Fifth Amendment, it may negatively affect other prosecutions involving secured devices.

The government argues there's no Fifth Amendment issue here.

The requested relief would not violate the defendant’s Fourth or Fifth Amendment rights. With respect to the Fourth Amendment, there is only minimal intrusion on the defendant’s privacy, and there is probable cause that the defendant’s face can unlock the Subject Device (and lead to the recovery of relevant evidence). With respect to the Fifth Amendment, Reffitt’s entering his password into the Subject Device does not violate his privilege against self-incrimination, because his act of production would not be testimonial, since the only potentially testimonial component implicit in his act of producing the unlocked/unencrypted device is a foregone conclusion.

This will come down to what the court feels the phrase "foregone conclusion" actually means. While the act itself (either presenting biometrics or providing a passcode) isn't necessarily testimonial, it does give the government access to evidence that might be used against the person being compelled to grant access to this information. At least one court has found that entering passwords and providing evidence are basically the same thing, since the first naturally leads to the latter. The government has no interest in the password, even though that's what it is seeking to compel. It's interested in what having that password entered will provide.

If the only foregone conclusion the government needs to have in its possession is who owns the computer, obviously compelled decryption will help establish ownership. The government appears to know whose computer it is. The Surface Pro targeted by the proposed order displays the name of the defendant (Guy Reffitt) on the screen when opened. And, despite Reffitt (initially) telling investigators otherwise, one of Reffitt's family members confirmed it belonged to the defendant.

Having that much information on hand might be enough to compel decryption if the court decides the only foregone conclusion the government needs to reach is the most likely owner of the device it's seeking to unlock. But if the foregone conclusion bar is set higher -- a likely source of criminal evidence -- things will get much more difficult for the government.

The government is basing this request on the theory that recordings captured at the Capitol by the suspect's helmet-mounted camera were moved to the laptop for storage prior to their deletion from the camera. However, the government seized multiple devices from the defendant's home, including three phones, two other laptops, and one desktop computer. Most of those have been searched already and determined they don't hold any relevant data.

The government is assuming -- based on statements by family members who viewed recordings on that device -- that's where the recordings it is seeking are now located. But it won't know this until after it performs a search. And it can't perform a search until the device is unlocked. This assumption is credible, but the files could have been uploaded to the cloud and viewed on the device, which means the files the government concludes (in a foregone way) must reside on the laptop possibly aren't actually there.

If the court decides the government doesn't have more than a hunch at this point, it may deny this order. And it may decide to lay down some Fifth Amendment ground rules that eliminate compelled production as an option. This is a roll of the Constitutional dice the government may later regret -- a rerun of its failure to compel decryption assistance in the San Bernardino case. But if it goes the other way, it will become that much easier for the government to pursue prosecutions in a district that handles an outsized portion of the DOJ's cases.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, 5th amendment, all writs act, decryption, doj, encryption, facial recognition, january 6th, unlocking


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 21 Jun 2021 @ 10:22am

    Having it both ways

    As noted the point of compelled decryption is not the password it's what the password allows access to, something that should always be the first consideration for cases like this when it comes to the fifth.

    The government wouldn't be asking for forced decryption if they didn't think that what was on the device wouldn't be of use for them, and given this is a prosecution the use is pretty obviously against the person who would be decrypting the device so the idea that this wouldn't involve self-incrimination is an idea that really doesn't hold up as they are trying to force the defendant to provide potentially self-incriminating evidence that the government doesn't currently possess.

    reply to this | link to this | view in chronology ]

    • identicon
      AricTheRed, 21 Jun 2021 @ 3:29pm

      Re: Having it both ways

      Perhaps having it only one way is the goal in this case?

      If the family members have testified or given evidence that the vides WERE ON the device, perhaps the gubbment is trying to prove that they are NO LONGER on the device so they can charge the person with destruction of evidence.

      It is not often WHAT YOU DID that they get you for, but WHAT THEY CAN GET YOU FOR that they end up getting you for...

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Jun 2021 @ 5:47am

        Re: Re: Having it both ways

        But in either case, the government is asking for something it doesn't have via the defendant in essence incriminating himself.

        reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 22 Jun 2021 @ 2:24am

      Re: Having it both ways

      "The government wouldn't be asking for forced decryption if they didn't think that what was on the device wouldn't be of use for them..."

      Although the general trend of your argument is right, this particular sentence isn't. The DoJ helmed so long by Bill Barr will look at a person and decide that since he's wearing pants he must have something to hide. And that a refusal to strip must mean he has tattooed the detailed plans of overthrowing the government on his dick.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 21 Jun 2021 @ 12:19pm

    1 more step

    Just another step.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jun 2021 @ 12:31pm

    Unless the government already has the video they desire and is certain that another copy of that video resides on that computer, then "forgone conclusion" isn't valid. I will agree that it's a "forgone conclusion" about who owns the computer. But as others have already said, the government doesn't actually care about the password. The government is more concerned about the pool that's locked up and wants the pool unlocked so it can go fishing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jun 2021 @ 1:49pm

    I suppose there's an interesting reason why the government can't take a HD photo of the defendant and put it on a poster in front of the computer as they turn it on.

    reply to this | link to this | view in chronology ]

  • icon
    Nathan F (profile), 21 Jun 2021 @ 1:50pm

    The requested relief would not violate the defendant’s Fourth or Fifth Amendment rights. With respect to the Fourth Amendment, there is only minimal intrusion on the defendant’s privacy,

    I'm sorry what? What kind of stuff is that guy smoking because I'm almost sure there is as much or more personal information on that laptop then he might have on his phone.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jun 2021 @ 1:58pm

      Re:

      True, but seizure of, say, a locked file cabinet has been legally do-able for decades.

      What, fundamentally, is the difference between a computer password and a combo lock combination?

      reply to this | link to this | view in chronology ]

      • icon
        Norahc (profile), 21 Jun 2021 @ 2:04pm

        Re: Re:

        The fundamental difference is who is unlocking it. Your file cabinet analogy fails because the government can open the file cabinet (ie forcing the lock open, cutting it off, hiring a locksmith, etc...) without the defendant doing it for them.

        reply to this | link to this | view in chronology ]

        • icon
          sumgai (profile), 21 Jun 2021 @ 7:10pm

          Re: Re: Re:

          The fundamental difference is who is unlocking it. Your file cabinet analogy fails because the government can open the file cabinet [in some manner] without the defendant doing it for them.

          No, the locked file cabinet still has the same protections - it needs a warrant of compulsion, too. Even if most folks don't keep their personal lives in the filing cabinet (they more often used a Rolodex... look it up), there is still the bit about privacy that's pretty much set in stone, aka 4A and 5A.

          reply to this | link to this | view in chronology ]

      • icon
        sumgai (profile), 21 Jun 2021 @ 7:09pm

        Re: Re:t

        What.... is the difference between a computer password and a combo lock combination?

        I'd imagine it to be something on the order of 256 bits versus 5 bits (tumbler pins). Thank you, I'll be here all week. Try the veal!

        reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 21 Jun 2021 @ 3:04pm

    Dead horses and already settled law?

    I thought that the basics of this issue had been settled long ago: That one can be compelled to produce something one has, like a key, a fingerprint, or their face, but that one cannot be compelled to produce something that one knows, like a safe combination, computer password, or encryption key.

    This has always been the reason given for making sure your phone (or computer, or whatever) cannot be unlocked with biometrics alone if you want to have any chance at all of the government not being able to access it's contents.

    Of course, if the government can get into your safe, phone, computer, or whatever without the combination or password, etc, you are still out of luck, but at least the combination lock or password protection add a degree of difficulty to the task.

    Isn't this just another example of the government trying to breathe new life into a long dead horse, and hoping no one will notice the horse's miraculous recovery?

    reply to this | link to this | view in chronology ]

    • icon
      Norahc (profile), 21 Jun 2021 @ 3:10pm

      Re: Dead horses and already settled law?

      The government doesn't believe in already settled law unless it helps them.

      reply to this | link to this | view in chronology ]

    • identicon
      Pixelation, 21 Jun 2021 @ 3:47pm

      Re: Dead horses and already settled law?

      IIRC, there have been cases that have gone different ways on this. I don't think SCOTUS has settled the debate, yet.

      reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 21 Jun 2021 @ 3:55pm

    It seems to me that making someone provide a password to access a computer would not violate the 5th. Forcing a defendant to tell them what files they have on the computer would be a different story. This should be an interesting test case, if it gets that far.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 21 Jun 2021 @ 4:18pm

      Re:

      It seems to me that making someone provide a password to access a computer would not violate the 5th.

      If the device has potentially incriminating evidence that the government doesn't already have I don't see how it wouldn't be a violation, as you're forcing someone to provide evidence that will be used to incriminate them, that it might take one extra step really doesn't change the underlying act.

      Forcing a defendant to tell them what files they have on the computer would be a different story.

      The two are effectively indistinguishable though, whether you tell someone or not what's on your computer if you give them access to it they can find out themselves, the only real difference is time so if you're against the latter you really shouldn't be in favor of the former either.

      reply to this | link to this | view in chronology ]

  • identicon
    Smartassicus the Roman, 21 Jun 2021 @ 9:59pm

    LUKS Nuke

    It's a bit out of date but there is a patch for LUKS encryption (Linux) that will add a 'nuke' password. If you enter the nuke password at the PW prompt the encrypted keys held in secret keyslots are deleted and unless you have a backup of the keys it can never be decrypted.

    Before anyone goes off and does this, be warned: LUKS stores the keys in a location known only to the system. On a SSD, sometimes the drive moves data around to different locations transparently. If the drive moves a key to a new location, you're screwed. That's why I quit using LUKS, period.

    reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 22 Jun 2021 @ 5:18am

      Re: LUKS Nuke

      "...If the drive moves a key to a new location, you're screwed."

      The default SSD method of mitigating data storage degradation may end up bricking it? This sounds like a sign of bad implementation on Y2K levels of fail.

      reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 26 Jun 2021 @ 7:27am

      Re: LUKS Nuke

      If you enter the nuke password at the PW prompt the encrypted keys held in secret keyslots are deleted and unless you have a backup of the keys it can never be decrypted.

      Only do that if the penalty for what you would be convicted for is worse than the penalty for destruction of evidence.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jun 2021 @ 10:54pm

    That proves why you need to use "booby trap" mode, if available

    This is so that if there are too many failed password attempts,. the device wipes itself and resets.

    That is what I have my phones set to, as part of "insane cop proof mode"

    There is no criminal statute you can be prosecuted under if they make too many failed password attempts and the device wipes itself. If they trigger to auto-wipe if there are too many failed password attempts, that are just SOL.

    There is no law in any of Mexico's 31 states, America's 50 states, Canada's 14 provinces, or at the federal level in those countries you can be prosecuted under if the cops cause a wipe and reset if they make too many failed password attempts.

    If your device has a "booby trap" function, use it!!

    reply to this | link to this | view in chronology ]

    • icon
      Norahc (profile), 22 Jun 2021 @ 6:27am

      Re:

      Sounds good right up until the cops figure out what you did and charge you with destruction of evidence in an effort to make new case law against your "insane cop proof mode".

      reply to this | link to this | view in chronology ]

      • icon
        Nathan F (profile), 22 Jun 2021 @ 7:28am

        Re: Re:

        Also, they usually work off a forensic copy of the data. So if they accidently trigger the nuke they can just make another copy of the original and keep going.

        reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

Introducing the new Techdirt Insider Chat, now hosted on Discord. If you are an Insider with a membership that includes the chat feature and have not yet been invited to join us on Discord, please reach out here.

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.