U.S. Federal Court Rules that it Is Unconstitutional for the Police to Force Someone to Decrypt their Laptop

A U.S. Federal Court ruled that it is unconstitutional for the police to force someone to decrypt their laptop computer:

Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.

Here's the actual decision. And another blog post.

Note that this is a different case, and an opposite ruling, than this. Although the legal experts say that the rulings are not actually in conflict:

Also note that the court’s analysis isn’t inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion.

Posted on February 27, 2012 at 5:49 AM • 27 Comments

Comments

Clive Robinson • February 27, 2012 6:44 AM

I read about this last week when Will posted up a link ( http://www.schneier.com/blog/archives/2012/02/...


Yes it is good news if it's not overturned on appeal (by a higher court or SCOTUS).

Also as highlighted in our own interest, perhaps we of the computer security industry should stop using the old crypto analogy of a "physical" key and lock, and as was pointed out switch to the analogy of a "non physical" information based combination stored in our heads for the crypto key and emphasise why they are different not just under CompSec but law as well.

As for the "empty vault" argument, I feel the argument is correct. LEA's need to show reasonable suspicion backed by evidence not hearsay etc to get a warrant to enter a building, let alone a vault inside a building.

Further the other argument used by those representing LEA's of "plain sight" also needs to be shot down once and for all. If files are on a hard disk on a system that is sufficiently isolated from publicly accessible networks then they are not on public display plain and simple. Therefore they are not nor could they be in "plain sight".

People in the US should "have a reasonable expectation of privacy" "about their persons and papers" and not have such rights thrown out of the window by a smart mouthed shill working for the Government making what amounts to false accusations or argument.

Oh and perhaps if in future when LEA's make such accusations and they are found to be false, then either the LEA legal representative in court making the claim or the most senior person either instructing them or paying them should do six years (or whatever the maximum is for "false allegation" or "perjury" in the US,) without hope of parole.

This is just to remind them and others that the State has responsibilities to the citizens just as citizens have responsibilities to the State, and that individuals representing the State should not use the overriding position of the state to prevent fair and reasonable access to justice by individual citizens. As has often been said by various people paid from the public purse "Justice needs to be seen to be done".

CGomez • February 27, 2012 7:30 AM

Currently none of these rulings are in conflict. There has been a lot of sensationalized reporting on cases where documents were being ordered handed over but either the bar for self-incrimination was not met or another doctrine such as inevitable discovery was invoked.

It is very much the law of the land (for now) that you can not be forced to decrypt data that contains information that may incriminate you.

Ryan • February 27, 2012 7:40 AM

Nice. Looks like the links have been fixed.

The decision was an interesting read. Very thorough on whether the testimonial aspects of decryption (knowledge, control, and authenticity of the files) can be established independently, and on the extent of immunity granted (only to production, or to derivative use). Good to see this decision, although I wish the discussion of whether the person is even capable of decrypting (forgot the password, etc.) was not relegated to a footnote.

I guess I'm lucky that I've never tried to hide anything in an encrypted form because it was potentially incriminating, but rather to protect it from more sophisticated thieves (I've been robbed before, so I do think about it more than average). I wouldn't currently have reason to need 5th-A protections, but if hauled into court over the encrypted volume I would probably assert it anyway (it says you can't be compelled to be a witness against yourself, not merely that the testimony in question must be incriminatory in nature) as a way of telling the Gov to mind its own damn business.

Clive Robinson • February 27, 2012 8:20 AM

@ Ryan,

I wouldn't currently have reason to need 5th-A protections...

You like every US citizen require them all the time, because you generally only find out you need them after the case.

This is true whatever you do including lying in a vegetative state in a hospital Critical Care Unit.

The 5th really should have been extended to cover all cases of when not of sound mind, including that of chemically or fear induced state.

vasiliy pupkin • February 27, 2012 8:59 AM

As soon as Federal Judges like Judge Tjoflat exist, prospective of protection of US Constitution and Bill of Rights is good.
If I were President, Judge Tjoflat will be considered as first prospective candidate for Supreme Court Justice.

Ryan • February 27, 2012 10:02 AM

@Clive Robinson, fair enough in the general, but I'm referring to the specific of my encrypted volumes. I have no content that isn't available elsewhere if the GOV searched hard enough, because they don't exist to hide things from the Gov. They only exist so that if my computer were taken by anybody else, the stuff that's most important to me (for ID theft, or just very personal like pictures my wife sent me while I was deployed, etc.) couldn't just be picked right off the HD. That's why I said I have no need of 5th-A currently, at least as it pertains to those encrypted volumes. Beyond that aspect, though, I would not disagree with you.

Dr. I. Needtob Athe • February 27, 2012 10:19 AM

The decision underscores the value of not checking Truecrypt's Quick Format option when setting up a new drive, even though the process can take several hours instead of a minute or two:

But random characters are not files; because the TrueCrypt program displays random characters if there are files and if there is empty space, we simply do not know what, if anything, was hidden based on the facts before us. It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. In short, the Government physically possesses the media devices, but it does not know what, if anything, is held on the encrypted drives.

From the Truecrypt documentation:

Quick Format

If unchecked, each sector of the new volume will be formatted. This means that the new volume will be entirely filled with random data. Quick format is much faster but may be less secure because until the whole volume has been filled with files, it may be possible to tell how much data it contains (if the space was not filled with random data beforehand). If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions/devices.
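The Quick Format leak quoted above can be shown with a small model. This is an added example, not part of the original comment or of TrueCrypt's code: the sector size, the leftover plaintext and the helper names are constructed for illustration, and SHA-256 in counter mode stands in for real ciphertext. It counts the sectors that look random on a quick-formatted volume and on a fully formatted one.

```python
import hashlib
import math

SECTOR = 512  # bytes per sector in this constructed model


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext or random fill (SHA-256 counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def sector_entropy(sector: bytes) -> float:
    """Shannon entropy of one sector, in bits per byte (0.0 to 8.0)."""
    counts = [0] * 256
    for b in sector:
        counts[b] += 1
    n = len(sector)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def make_volume(total: int, used: int, quick_format: bool) -> bytes:
    """Model a partition that held plaintext before it became an encrypted volume.

    quick_format=True:  only the `used` sectors written so far hold ciphertext.
    quick_format=False: every sector was overwritten with random data at creation.
    """
    old = (b"old partition contents " * SECTOR)[:SECTOR]  # constructed leftover data
    sectors = []
    for i in range(total):
        if i < used or not quick_format:
            sectors.append(pseudo_random(SECTOR, b"sector-%d" % i))
        else:
            sectors.append(old)
    return b"".join(sectors)


def random_looking_sectors(image: bytes, threshold: float = 7.0) -> int:
    """Count sectors whose byte entropy is high enough to pass for ciphertext."""
    return sum(
        1
        for off in range(0, len(image), SECTOR)
        if sector_entropy(image[off:off + SECTOR]) >= threshold
    )


if __name__ == "__main__":
    for quick in (True, False):
        image = make_volume(total=200, used=40, quick_format=quick)
        print("quick" if quick else "full ", random_looking_sectors(image), "of 200")
```

With Quick Format the count equals the number of sectors actually written; with a full format every sector looks the same, so the count says nothing about how much data the volume holds.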

llewelly • February 27, 2012 10:40 AM

That's a big relief to people who use Monte Carlo techniques, and thus actually keep huge files of random data lying around on their hard drives.

NobodySpecial • February 27, 2012 11:01 AM

@ Dr. I. Needtob - on the other hand, and assuming that the original drive didn't contain anything secret, having a partial record of the underlying 'normal' drive with some random data on top could give you a better defence of "it's not encrypted - Windows crashed and lost everything"


NobodySpecial • February 27, 2012 11:02 AM

@llewelly - no it's fine - we asked that when the law was first brought in and were told by the police not to worry because the law was only for terrorists

Paeniteo • February 27, 2012 11:03 AM

It appears to me that the 5th Amendment is actually far weaker than an actual "right to remain silent" as it is often called...

There are so many exceptions, either voiding the "testimony / witness" or the "incriminating / against oneself" part that it's hard to keep track.

Anybody knows how things are in other jurisdictions?
E.g., the German variant "free to make statements" appears stronger.

Ryan • February 27, 2012 11:57 AM

@Paeniteo,

"It appears to me that the 5th Amendment is actually far weaker than an actual "right to remain silent" as it is often called..."

That Miranda right is the derivation of 5th-A as it applies to executive function of law enforcement (the police). The issue here is 5th-A as it applies to the judicial proceedings that follow (the courts). When the next line of the Miranda warning is read ("Anything you say can and will be used against you...") it is alerting to the relationship. In police custody (and once properly Mirandized), everything you say is construed as willing testimony, which has the obvious possibility of incriminating you later in the courts, but the courts are the only place where one can be *compelled* to testify under threat of contempt. The key is that in order to compel testimony, the 5th-A requires the safeguard that anything you "say" cannot, in fact, be used against you due to a grant of immunity.

I would agree, though, that few members of the general public understand the 5th-A, let alone the line between how it applies to different sections of the Gov.

Giuseppe56 • February 27, 2012 12:10 PM

I'm not a lawyer but IMO in attempting to circumvent the password issue by asking for an unencrypted copy the judge is actually requesting the defendant to "create" evidence against himself as no clear text copy of that data currently exists anywhere. He would be well served if the defendant took a similar disk full of harmless data, XORed it with the original one, and gave the harmless one to the court withholding the XOR to be produced as "the key" if the validity of the "decryption" was questioned. I would really hate to be the expert witness on that one.

Daniel • February 27, 2012 12:23 PM

@Paeniteo

I don't agree. I think it is a reasonable proposition that the right against self-incrimination does not protect people who have already--voluntarily--incriminated themselves. It makes no sense to allow a person to plead guilty to a crime and then when the police ask how you did the crime claim you have a right to remain silent. Huh? That's what the "foregone conclusion" standard intends to encapsulate.

I do think there is a problem with the courts sometimes claiming that evidence is a "foregone conclusion" when it really isn't. But that's not a problem with the legal standard but with the judge.

Bob Roenigk • February 27, 2012 12:33 PM

The bottom line is that decryption can be demanded by a court if it can be shown with reasonable certainty a) the contents of the device holds material relevant to a criminal investigation, and b) the device is under the control of the individual in question.

In the Colorado case the police have taped telephone conversations between the defendants about the contents of their encrypted laptop. In this case, the devices were found inside the hotel room. They had no knowledge (direct or hearsay) of what might be on the drives. Also, they could not prove who owned the drives, who might have stored something on the drives or whether the occupant of the room had any knowledge of their contents.

If the defendant decrypted the drives found in his hotel room, that act by itself would be prima facie evidence of knowledge, control and possession.

Paeniteo • February 28, 2012 2:50 AM

@Ryan: "few members of the general public understand the 5th-A"

Right you are and thanks for clarifying a bit :-)


@Daniel: "It makes no sense to allow a person to plead guilty to a crime and then when the police ask how you did the crime claim you have a right to remain silent. Huh?"

Wouldn't see a problem with that.
Sentence him based on the confession (and all other available evidence).
Providing additional testimony might be held advantageous when it comes to the severity of the punishment, though.

Dave Howe • February 28, 2012 4:36 AM

Plus of course there is not even any evidence these *are* truecrypt volumes. I am assuming each laptop drive itself is protected by truecrypt's boot-time WDE, hence is easily determined to be such, but the external devices will appear to be merely full of random data, with no reason (other than proximity to the laptops) to assume they are truecrypt volumes and not (for example again) the result of secure-overwriting a disk full of incriminating using something like "dban", or by simply piping /dev/random to the volume via dd (in order to create a large one time keypad). In which case, they are themselves key material, rather than readable data, and may not in themselves encode anything :)

Matt • February 28, 2012 6:20 AM

Knowing that being forced to reveal an encryption key is a possibility, any sane person with encryption will use either plausible deniability (What data?) or a duress key (It's pictures of cats; not the evil plans you thought it would be!).

Therefore, any legislation (or rogue cops) forcing someone to hand over an encryption key (even at gunpoint) becomes a moot point.

Jim A • February 28, 2012 10:06 AM

Giuseppe56...Interesting idea. Of course the limitation is that you'd need to do that every time that you wrote or edited anything. As is the fact that any OTP requires a key as long as the cryptotext.

Nick P • February 28, 2012 1:41 PM

@ Dave Howe

It often comes down to probability. The person is suspected of a crime, is using TrueCrypt on their main laptop, and has a chunk of random data on an external device. Police officer: "Hmm, is that TrueCrypt related or some little used random-overwriter thing?" Guess which is the most logical answer.

More sophisticated officer: "He'd have DBAN and Truecrypt together just to mess with our heads. He knows we might not be able to tell the difference. I had heard of this on some blog. Of many suspects using encryption, this guy is the only one using it like this that I've run into. He's probably trying to hide something."

Either way, it's not a good idea. Well-hidden flash drives & RAM-based OS are better options.

LinkTheValiant • February 28, 2012 2:21 PM

He's probably trying to hide something.

And unfortunately, the judicial system hasn't yet figured out that "having something to hide" is not the same as "being an evil Communist/Fascist/Chinese hacker/agent of terror."

Put it a different way: Some bedrooms are afforded privacy by a mere set of opaque curtains, with a standard interior locking doorknob. Others are screened by soundproofed walls and blackout shades, with triple deadbolts and two doorknobs. Is the presence of such intense privacy measures a sign that crimes are committed within? Is the lack indicative of an innocent?

It's as if building a bunker in one's backyard automatically indicates an intention to overthrow the government. (Rather than, say, building one BECAUSE I CAN.)

Clive Robinson • February 29, 2012 4:19 AM

@ Nick P,

It often comes down to probability.

Yup with random it always does 8)

That bad joke out of the way more often it's because of a credible "back story".

If you claim your random file is just "random bytes", you have to justify having it for some reason. That is irrespective of where it is having it is a give away it has to be used for something...

So if you don't have an engineering or stats application that takes in random data in the format you have it on the drive there is no point claiming it's for Monte Carlo simulations etc.

Secondly even if you do have an appropriate app you do need to use it in a convincing way. That is you need an appropriate engineering or maths simulation that an expert in that engineering or maths subject domain would recognise as valid.

Then there are the file access dates and times, if the access time for read on the random file does not match a file output from the simulation package then the question hangs in the air "what other app has accessed this data?" shortly followed by "and why?"

Then of course there is the human "back story" it's pointless claiming to be an engineer, mathematician or scientist if an undergrad can ask you a couple of simple questions you cannot answer. Also you need a valid history of employment in that subject domain.

Which is one of the reasons "Intel Officers" employ "agents" either from their own country or in the country they wish to gather intel on. It's also the reason the likes of journalists get frequently accused as "foreign intel officers" or "agents" simply because in many respects it's an ideal cover...

Anyway back to random files have you ever heard of "Russian Coupling"?

The way many codes and ciphers are broken is "known plaintext" at the beginning or end of the transmission (or file). This is especially true these days with the likes of MS Office and other Office packages putting in huge headers of data which frequently do not change on any given machine or given version of the software etc.

A hundred or so years ago this was recognised as a significant problem, the solution was simple, simply break the encrypted information at some point and swap the end piece for the start piece. That way any characteristic header or footer gets buried somewhere in the file or transmission. Obviously the break point needs to be kept as secret as the key (if not more so).

The same principle could be used on data files etc but instead of one break and swap many breaks and swaps could be used. Thus assuming a simple cipher such as an OTP having the key stream still requires knowing the transformation key.

If instead of an OTP you used a stream cipher or block cipher, providing the break points were less than the unicity distance you could not get a reliable decrypt without knowing the transformation key for unshuffling the breaks.

One of the old "holy grails" of cryptography was the transposition cipher with a transformation block size the same as the message. Ross J. Anderson came up with a design (dancing bear if my old brain remembers correctly) that actually achieved this.

David Schwartz • March 2, 2012 11:24 PM

"Currently none of these rulings are in conflict. There has been a lot of sensationalized reporting on cases where documents were being ordered handed over but either the bar for self-incrimination was not met or another doctrine such as inevitable discovery was invoked.

It is very much the law of the land (for now) that you can not be forced to decrypt data that contains information that may incriminate you."

If the government can force me to decrypt documents for them just by showing that discovery of the existence of the documents was inevitable, then I certainly can be forced to decrypt data that contains information that may incriminate you. Inevitable discovery pertains to the existence of the documents, not their contents. The government does not have to show that it could obtain the documents some other way, only that it knows they exist.
