I Was Cited in a Court Decision

An article I co-wrote — my first law journal article — was cited by the Massachusetts Supreme Judicial Court — the state supreme court — in a case on compelled decryption.

Here’s the first, in footnote 1:

We understand the word “password” to be synonymous with other terms that cell phone users may be familiar with, such as Personal Identification Number or “passcode.” Each term refers to the personalized combination of letters or digits that, when manually entered by the user, “unlocks” a cell phone. For simplicity, we use “password” throughout. See generally, Kerr & Schneier, Encryption Workarounds, 106 Geo. L.J. 989, 990, 994, 998 (2018).

And here’s the second, in footnote 5:

We recognize that ordinary cell phone users are likely unfamiliar with the complexities of encryption technology. For instance, although entering a password “unlocks” a cell phone, the password itself is not the “encryption key” that decrypts the cell phone’s contents. See Kerr & Schneier, supra at 995. Rather, “entering the [password] decrypts the [encryption] key, enabling the key to be processed and unlocking the phone. This two-stage process is invisible to the casual user.” Id. Because the technical details of encryption technology do not play a role in our analysis, they are not worth belaboring. Accordingly, we treat the entry of a password as effectively decrypting the contents of a cell phone. For a more detailed discussion of encryption technology, see generally Kerr & Schneier, supra.

Posted on March 15, 2019 at 2:38 PM7 Comments


readly March 15, 2019 4:09 PM

In case anyone wants to know without reading leagalese, the SJC did overturn a lower court’s decision and compel the defendant to unlock his phone.

Tõnis March 15, 2019 8:30 PM

Reading this decision/order (and other stuff about this foregone conclusion sophistry) has only reinforced my belief and previous conclusions that it’s never in an accused’s interest to help the police/government. I think it’s best to remain silent and admit nothing. Make them have to prove every tedious detail. I wouldn’t even admit putting a password on my phone. It’s entirely possible that I’m one of the many people who walks around with a phone that has no password, that while I was passed out drunk last week one of my many party “friends” put a password and activated encryption on the phone. Even a thug-with-a-badge who would like to see me end up in “contempt” of some judge’s order to unlock the phone could have done it. Interrogator: “Well, if someone else put a password on your phone why would you carry it around with you?” Duh. In case I want to answer a call, maybe? I don’t have to unlock a phone or access its content (if there even is any content) just to answer phone calls. Sadly, this is how subjects must now behave in their land of the “free.” Why wouldn’t one initiate a security wipe on a phone as soon as he suspects police have him in their sights? Suspect: “I don’t know why that gadget is doing that; it seems to have started doing that by itself.” Resistance to tyranny is service to God.

Jon March 15, 2019 8:47 PM

The law is like a loaded supertanker ship. It does not change direction easily, and when it does change direction you had better be pretty sure you’ll be happy with the new direction when it’s done.

So, can we have the same argument about biometrics and the forced relinquishing thereof them, too?


MrC March 16, 2019 1:11 AM

Too bad the Court got it wrong. The ball is hidden in footnotes 10 and 11 where the Court draws a laughable distinction between “decrypt your phone and then hand us the incriminating files” and “decrypt your phone and then hand the whole phone over to us” in order to excuse the government from the requirement that it prove to a reasonable certainty that the incriminating files exist on the phone in the first place. The concurrence (starting on page 37 of the pdf) does an elegant job of explaining why this decision is wrong and what the rule ought to be (or arguably is, if you adhere to the view that the Constitution still means what it means even when courts depart from it).

Andy March 16, 2019 7:57 PM

After a year or more of litigation the defendant will have forgotten the password though. The power of the precedent will affect the next defendant the government goes after.

good old george March 26, 2019 8:39 AM

It’s insane that a court can compel someone to decrypt a phone. If they can do that, regardless of what doublethink argument is used to defend it, then the 5th amendment has no meaning in the digital age.

I love the argument that the defendant can be compelled to provide a password because the existence of the decrypted version is a “foregone conclusion” (since decrypted versions exist of all encrypted data…) and therefore having the password “provides no additional knowledge” to the government, despite the fact that they have no idea what might be on the filesystem.

This is the same kind of doublethink (or extremely muddled reasoning) that gave us the Obamacare decision, wherein the concepts “tax” and “penalty” were conflated to such an extreme degree that they were no longer distinct.

As Orwell wrote, when words lose their meanings, the people lose their freedoms.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.