I Was Cited in a Court Decision

An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption.

Here's the first, in footnote 1:

We understand the word "password" to be synonymous with other terms that cell phone users may be familiar with, such as Personal Identification Number or "passcode." Each term refers to the personalized combination of letters or digits that, when manually entered by the user, "unlocks" a cell phone. For simplicity, we use "password" throughout. See generally, Kerr & Schneier, Encryption Workarounds, 106 Geo. L.J. 989, 990, 994, 998 (2018).

And here's the second, in footnote 5:

We recognize that ordinary cell phone users are likely unfamiliar with the complexities of encryption technology. For instance, although entering a password "unlocks" a cell phone, the password itself is not the "encryption key" that decrypts the cell phone's contents. See Kerr & Schneier, supra at 995. Rather, "entering the [password] decrypts the [encryption] key, enabling the key to be processed and unlocking the phone. This two-stage process is invisible to the casual user." Id. Because the technical details of encryption technology do not play a role in our analysis, they are not worth belaboring. Accordingly, we treat the entry of a password as effectively decrypting the contents of a cell phone. For a more detailed discussion of encryption technology, see generally Kerr & Schneier, supra.

Posted on March 15, 2019 at 2:38 PM • 5 Comments

Comments

readlyMarch 15, 2019 4:09 PM

In case anyone wants to know without reading leagalese, the SJC did overturn a lower court's decision and compel the defendant to unlock his phone.

T├ÁnisMarch 15, 2019 8:30 PM

Reading this decision/order (and other stuff about this foregone conclusion sophistry) has only reinforced my belief and previous conclusions that it's never in an accused's interest to help the police/government. I think it's best to remain silent and admit nothing. Make them have to prove every tedious detail. I wouldn't even admit putting a password on my phone. It's entirely possible that I'm one of the many people who walks around with a phone that has no password, that while I was passed out drunk last week one of my many party "friends" put a password and activated encryption on the phone. Even a thug-with-a-badge who would like to see me end up in "contempt" of some judge's order to unlock the phone could have done it. Interrogator: "Well, if someone else put a password on your phone why would you carry it around with you?" Duh. In case I want to answer a call, maybe? I don't have to unlock a phone or access its content (if there even is any content) just to answer phone calls. Sadly, this is how subjects must now behave in their land of the "free." Why wouldn't one initiate a security wipe on a phone as soon as he suspects police have him in their sights? Suspect: "I don't know why that gadget is doing that; it seems to have started doing that by itself." Resistance to tyranny is service to God.

JonMarch 15, 2019 8:47 PM

The law is like a loaded supertanker ship. It does not change direction easily, and when it does change direction you had better be pretty sure you'll be happy with the new direction when it's done.

So, can we have the same argument about biometrics and the forced relinquishing thereof them, too?

Jon

MrCMarch 16, 2019 1:11 AM

Too bad the Court got it wrong. The ball is hidden in footnotes 10 and 11 where the Court draws a laughable distinction between "decrypt your phone and then hand us the incriminating files" and "decrypt your phone and then hand the whole phone over to us" in order to excuse the government from the requirement that it prove to a reasonable certainty that the incriminating files exist on the phone in the first place. The concurrence (starting on page 37 of the pdf) does an elegant job of explaining why this decision is wrong and what the rule ought to be (or arguably is, if you adhere to the view that the Constitution still means what it means even when courts depart from it).

AndyMarch 16, 2019 7:57 PM

After a year or more of litigation the defendant will have forgotten the password though. The power of the precedent will affect the next defendant the government goes after.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.