Final Version, “Compelled Decryption and the Privilege Against Self-Incrimination”

Now out in the Texas Law Review.

|The Volokh Conspiracy |

I am pleased to say that the Texas Law Review has published the final version of my article on how the Fifth Amendment applies to compelling a person to enter a password: Compelled Decryption and the Privilege Against Self-Incrimination. This article has roots in some blog posts that I wrote here at the Volokh Conspiracy a few years ago. Given the recurring and difficult nature of the question, I decided to expand considerably on the posts by writing the full article. It's still relatively short by law review article standards, though, at a relatively svelte 33 pages.

Here's the abstract:

This Essay considers the Fifth Amendment barrier to orders compelling a suspect to enter in a password to decrypt a locked phone, computer, or file. It argues that a simple rule should apply: an assertion of privilege should be sustained unless the government can independently show that the suspect knows the password. The act of entering a password is testimonial, but the only implied statement is that the suspect knows the password. When the government can prove this fact independently, the assertion is a foregone conclusion and the Fifth Amendment poses no bar to the enforcement of the order. This rule is both doctrinally correct and sensible policy. It properly reflects the distribution of government power in a digital age when nearly everyone is carrying a device that comes with an extraordinarily powerful lock.

I was very pleased that the Massachusetts Supreme Judicial Court relied on my article recently in Commonwealth v. Jones, which adopted the standard I suggest for apppying the foregone conclusion doctrine. Here's the key passage from Jones, which was decided on March 6:

[F]or the foregone conclusion exception to apply, the Commonwealth must establish that it already knows the testimony that is implicit in the act of the required production. Id. at 522-523, 11 N.E.3d 605. In the context of compelled decryption, the only fact conveyed by compelling a defendant to enter the password to an encrypted electronic device is that the defendant knows the password, and can therefore access the device. See id. See also Kerr, Compelled Decryption and the Privilege Against Self-incrimination, Tex. L. Rev. (forthcoming 2019) (manuscript at 18) ("the only assertion implied by entering the password is that the person compelled knows the password"). The Commonwealth must therefore establish that a defendant knows the password to decrypt an electronic device before his or her knowledge of the password can be deemed a foregone conclusion under the Fifth Amendment or art. 12.

Other courts are now grappling with the same issue. For example, the Indiana Supreme Court will hold oral argument in a case raising the same question on April 18th.

The Texas Law Review invited Professor Laurent Sacharoff to respond to my article, and he wrote a 10-page response in the Law Reviews's online edition: What Am I Really Saying When I Open My Smartphone? A Response to Orin S. Kerr. (Laurent and I have been disagreeing about this issue for years, so it was great to have our differing views directly in print.) From his introduction:

The rule should not be, as Kerr argues, whether the government can how the suspect knows the password to the device. Rather, the rule should be whether the government already knows the person possesses the files on the device and can identify them with reasonable particularity. This rule, after all, is precisely what the case law requires in an ordinary documentproduction situation.

Which of these two rules should govern depends, roughly speaking, upon whether this foregone conclusion doctrine applies to the password only or to the files on the device as well. This debate has divided courts recently. In fact, some courts holding that the government must merely establish that the suspect knows the password have often cited Kerr's argument made earlier in blog posts that have ultimately led to his more serious consideration here.

The difficulty arises because the act of production doctrine itself, and therefore the foregone conclusion doctrine, rest upon a faulty premise. Courts and some scholars including Kerr rarely discuss this flaw and how it infects the entire act-of-production enterprise. This short response piece shows how we must address this flaw before applying the act of production doctrine to the new situation of passwords.

Below, I first sketch the act of production doctrine as it applies to ordinary document productions, along with its faulty premise, before applying the analogy to entering passwords to unlock devices. I then try to show why Kerr's simple rule does not follow from the existing case law, in part because he has failed to take account of this faulty premise. Finally, I assess Kerr's larger normative argument.

I reply to the core of Professor Sacharoff's response in my article with the following:

Professor Sacharoff contends that the testimony implicit in entering a password to decrypt a device includes additional statements, specifically that "the device likely belongs to the person" who entered the password "and that the person possesses, perhaps knowingly, the files on the device." In my view, Professor Sacharoff is mixing up the implied testimony inherent in an act with its evidentiary value. The implied testimony of an act is what a person must have been thinking to complete the act. On the other hand, the evidentiary value of an act is what conclusions a fact-finder might be more or less inclined to reach upon learning of the act. An act of decryption no doubt can have broad evidentiary significance in many cases. A fact-finder informed that a person decrypted a device may be more inclined to think that the person owns the device and may have knowledge of its contents. But the privilege against self-incrimination harnesses different principles than evidence law. What matters for the privilege is the state of mind that the act necessarily reveals, not what facts about the world an act suggests are more likely to be true.

I have more thoughts on Professor Sacharoff's response that I'm happy to add if there is interest. But I figured that, for now, I would at least put the links up and let readers know about the article and the exchange.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

82 responses to “Final Version, “Compelled Decryption and the Privilege Against Self-Incrimination”

  1. The rule should be that once the government has the phone, it already has all the evidence there is, and the defendant is incapable of “producing” anything. Requiring the defendant disclose information necessary to interpret the evidence violates the fifth amendment, no matter how you try and dance around it.

    1. THINK ABOUT IT?..
      Earning in the modern life is not as difficult as it is thought to be. God has made man for comfort then why we are so stressed. We are giving you the solution of your problems. Come and join us here on just go to home TECH tab at this site and start a fair income bussiness

    2. Agreed. That rule would be a significant departure from current precedent but that or something very close is definitely what the rule should be.

      1. Prof Kerr uses the wrong presidents. This has nothing to with testimony implicit in the act of production, but with testimony explicit in the act of production. If the password is 1234, then the government needs to know that the password is 1234 and they want you to force you to tell them, directly or indirectly, that the password is 1234. Prof Kerr’s argument is a lot of sophistry designed to obscure this fairly simple fact.

        1. If the password is 1234, then the government needs to know that the password is 1234 and they want you to force you to tell them, directly or indirectly, that the password is 1234.

          No one is suggesting that the suspect can be compelled to tell the government what their password is.

          1. No one is suggesting that the suspect can be compelled to tell the government what their password is.

            A distinction without a difference. Once the police have the phone, and you have entered the password, they can change it.

            1. Why does it matter if they can change it?

          2. “No one is suggesting that the suspect can be compelled to tell the government what their password is.”

            Why would it matter whether they tell the government directly, or punch it into a phone so that the phone derives information from it?

            1. Because the government doesn’t learn it that way, which is, at least traditionally, the point of the privilege?

    3. Well stated.

  2. There are two ways of addressing this. We can look at what is practical, or we can look at the fundamental morality of a right against self-incrimination.

    I don’t think there is anything in history that says that the right against self-incrimination was intended to provide any balance or distribution of power between a defendant and the government. More likely, the founding fathers had an instinctive sense of fairness and considered it simply morally unacceptable that the government should commandeer a defendant into assisting in his own prosecution. Not that different from the immorality of making a person dig his own grave before he is executed.

    So: is compelled decryption analogous to getting a blood sample, getting fingerprints, extracting from pockets the key to a safe, or getting DNA? I don’t think so. All of these can be done if the defendant is lying there unconscious. Compelled decryption cannot.

    The doctrine has been distorted over he centuries into something unrecognizable. What was merely a moral stand has now become a balancing of interests and an inquiry what society considers reasonable. Forgotten is the simple circular fact that what American society considers reasonable is largely driven by what the Supreme Court says.

  3. My preferred rule would be that the government gets the data if has a valid warrant and it can succeed in decrypting the phone.

    That’s based on equilibrium adjustment and is consistent with what happens when suspects hide evidence in physical ways.

    1. Indeed, it is somewhat analogous to an order to divulge where one hid the body.
      Using the same logic regarding foregone discovery:
      The police have a. backhoe and a court order to dig up your yard, which they strongly believe contains one or more corpses, thus the discoveryy of the body is a foregone conclusion, so the order to to the defendant to divulge the location of the grave is upheld.

      The safe cracking analogy often used is narrow enough so as to allow the courts to comfortably compel password disclosure. But generalize the analogy a bit and the courts reasoning unravels.

      1. Gasman, I think you are mixing up the inevitable discovery doctrine in 4th and 6th Amendment law — a limit on the exclusionary rule, based on a notion of but for cause — with the foregone conclusion doctrine in 5th Amendment law — an aspect of the underlying right, based on an effort to identify what is incriminating. I don’t see how they are similar, FWIW.

      2. Gasman, I think you are mixing up the inevitable discovery doctrine in 4th and 6th Amendment law — a limit on the exclusionary rule, based on a notion of but for cause — with the foregone conclusion doctrine in 5th Amendment law — an aspect of the underlying right, based on an effort to identify what is incriminating. I don’t see how they are similar, FWIW.

      3. Gasman, I think you are mixing up the inevitable discovery doctrine in 4th and 6th Amendment law — a limit on the exclusionary rule, based on a notion of but for cause — with the foregone conclusion doctrine in 5th Amendment law — an aspect of the underlying right, based on an effort to identify what is incriminating. I don’t see how they are similar, FWIW.

      4. Gasman, I think you are mixing up the inevitable discovery doctrine in 4th and 6th Amendment law — a limit on the exclusionary rule, based on a notion of but for cause — with the foregone conclusion doctrine in 5th Amendment law — an aspect of the underlying right, based on an effort to identify what is incriminating. I don’t see how they are similar, FWIW.

  4. Probably in the not to distant future, this problem will be solved by technology, that is an additional layer of indirection and an international server. How will this work?

    Basically, NO ONE will remember their password anymore. Instead people will remember the password to the password. The real password will be stored on several international servers outside the U.S. and not subject to any U.S. court. These international servers will use SECRET SHARING (look it up, you will remember it longer), so that all servers will have to be compromised to circumvent the rules.

    Normal usage: You need to authenticate yourself. You give the password to the password to the international servers, which returns the real password to those whom you need to authenticate to. YOU NEVER SEE THE REAL PASSWORD. This real password is checked as usual. This is all done automatically by a standard computer program, so the user does not need to think about the details.

  5. Continued from international servers.
    Compromised usage: You are arrested or kidnapped. A CANARY tells the international servers that you are compromised. The International servers start requiring proof that you are free and clear of coercion before they will release the real password. The password to the password stops working because the servers have lost trust in you. You can truthfully tell any court that you never had the real password. And you will be believed because it is well known that that is how these servers work. And you can not force the servers to trust you again until you can prove that you are free and clear of coercion.

    How the CANARY works: you would choose this at setup time. Many possibilities:
    1) a friend or attorney could be the CANARY.
    2)Automatic CANARY when you go incommunicado when arrested or kidnapped. That is, you routinely tell someone that no one has messed with you. if you stop doing this, they report.
    3) an Organization that reads the arrest records and newspapers everyday.
    4)some combination of the above.

    DEFENSIVE FORMULATION: I did not set this up to evade U.S. law, I was worried about being kidnapped by criminals or coerced by foreign governments.

  6. AND THE BEAT GOES ON: The existence of servers such as the above will cause another round in the fight for enslavement/freedom. Perhaps the supreme court will make up a phony reason to authorize rubber hoses before you can talk to your lawyer or the world realizes that you have been arrested . The bill of rights never really said what it said don’t you know. Not if it is inconvenient to the government.

  7. I wonder what the cops will have to do to the suspect, if the law does say that compulsion is OK, but suspect still would not comply? Will they torture him to cough up the correct password? Or maybe noncompliance could result in adverse assumption against him?

    1. The way this will play out in real life is bad. If you don’t know the password, or have forgotten the password, a judge will find by a preponderance of evidence that you do, in fact, know the password. Then he will keep you locked up until you give up the password, which you can’t. No judge will ever take someone at their word that they have forgotten the password.

      1. TwelveInchPianist, this is what Bruce Schneier and I wrote about this issue:

        One difficulty with enforcing compliance with decryption orders is that a court may be unable to accurately determine if the defendant is unable to comply. A defendant may truthfully claim to have forgotten the password or to have never known it. If the trial judge finds that testimony unpersuasive and wrongly believes that the defendant is testifying falsely, the judge may wrongly convict the defendant of willful refusal to comply with the order. In that case, using strong encryption may actually work against the suspect’s interests: an innocent suspect who forgets his password presumably would rather have the government search his device and clear him of suspicion than face the possibility of jail time for contempt if the judge believes he is only pretending to be unable to comply with a decryption order.

        1. You are certainly correct, but IIUC you are saying that people who don’t want to be wrongly incarcerated for contempt shouldn’t protect their data. But of course there are many legitimate reasons to protect your data. People often store business trade secrets on their professional devices, for example. And many journalists and criminal defense lawyers are big on strong encryption.

          1. Twelve, I get that you may just be trolling me, in which case this thread is well played. But if you mean to be discussing it in good faith, I find your view really puzzling. Obviously I am not saying that people shouldn’t use encryption, and obviously there are many legitimate reasons to use it: Indeed, pretty much all phones do this by default, so al of us us strong encryption without thinking about it. Why you think I don’t realize this is a puzzle to me, at least if you’re not just being a troll.

            Anyway, have a good week.

            1. Prof Kerr, I’m not trolling you. But I have a new critique that I just noticed. You say, “Individuals ordinarily must know the password of devices that they regularly use. As a result, evidence that the person regularly uses a particular device should generally be sufficient to show knowledge of the password and trigger the foregone conclusion doctrine.”

              This is a variant of the prosecutor’s fallacy. Absent independent evidence that there is incriminating information on the phone, there is no reason to think that a person claiming to have forgotten his password is lying, people forget passwords all the time, people occasionally lock themselves out of their phones. But judges fall for the prosecutor’s fallacy all the time, and based on your comments, my concern that judges will automatically lock up anybody who says that they forgot their password is warranted.

              1. “Prof Kerr, I’m not trolling you. But I have a new critique that I just noticed.”


        2. Under your proposed rule, a defendant forgets their password would the government have the right to force the defendant to do a password recovery procedure? There are more than a couple systems I use where the “I forgot my username/password” is basically my authentication method since I log into them so rarely.

          Would the fact that a service is tied to, say, an email account the defendant owns for the purpose of password recovery be enough to establish that it’s a foregone conclusion that the defendant “knows” the password because they can force a reset? Or would the requirement to go through the procedures in order to reset/recover the password mean that it’s _not_ a foregone conclusion that the defendant know/should know the password because there’s now an intermediary (the email address, for example) required to establish whether or not that person is authorized on the system?

    2. I wonder what the cops will have to do to the suspect, if the law does say that compulsion is OK, but suspect still would not comply?

      The same thing that happens when someone disobeys any other kind of court order: they’ll be held in contempt until they stop disobeying.

      Or maybe noncompliance could result in adverse assumption against him?

      That seems quite reasonable, though of course it won’t address the problem in many cases.

  8. As for CANARY mentioned by Paul Elliott, a preset PASSWORD could be a CANARY which could be used even during interrogation.

  9. Speaking as someone who has actually read all the cases — Fisher, Hubbell, the recent 3rd and 11th circuit decisions, and just about all of the district and state decisions — I want to thank the professor for bringing a well reasoned, practical solution to this important issue.

  10. Storage of private data, be it paper or electronic, is an extension of a person’s mind. Any disclosure of this data to the government unavoidably has a testimonial aspect, therefore a compelled disclosure is expressly prohibited by the 5th Amendment. This principle pre-dates U.S. Independence (Entick v. Carrington), represents the original intent behind the 4th and 5th Amendments, and was affirmed 100 years afterwards in Boyd v. United States (1886). Quote:

    “The seizure or compulsory production of a man’s private papers to be used in evidence against him is equivalent to compelling him to be a witness against himself, and, in a prosecution for a crime, penalty or forfeiture, is equally within the prohibition of the Fifth Amendment.

    Both amendments relate to the personal security of the citizen. They nearly run into, and mutually throw light upon, each other. When the thing forbidden in the Fifth Amendment, namely, compelling a man to be a witness against himself, is the object of a search and seizure of his private papers, it is an “unreasonable search and seizure” within the Fourth Amendment. ”

    So what are we presently talking about? About creative pseudo-legal sophistry developed for the purpose of granting the government powers that the Founders did not intent to give.

    1. Why do you think Boyd reflects the “original intent” behind the 4th and 5th Amendment? It seems to me that Boyd created its rules by introducing new concepts into the law, all about 100 years after the enactment of the 4th and 5th Amendment.

      1. First, because of Entick v. Carrington. The 4th Amendment was written in the noosphere shaped by Entick.

        Second, because laws against self-incrimination exist elsewhere too, and in several European countries are interpreted as: “the defendant has no obligation to assist the prosecution” – without further splitting hair about “foregone conclusions”, “testimonial character”, etc.

        The spirit of the Bill of Rights, expressly stated in the Preamble (“…in order to prevent misconstruction or abuse of its powers, that further declaratory and restrictive clauses should be added”) would be hard to reconcile with an intent to grant the government powers that supposedly less “free” countries do not grant.

        1. I agree that the 4th Amendment was written to largely codify Entick. But I’m asking about Boyd, decided a century later. As for the privileges in European countries, my understanding is that the law there is quite modern: I don’t see how we can assign a motive of the Framers to have rules always more rights-protective than other countries on a sort of moving basis. One might like that rule, but I don’t think we can assign that to the Framers.

  11. Why should a defendant be compelled to aid in his own prosecution.

    1. Because the government wants him to aid, and lawyers have developed “legal theories” that stirve to give such an outrage a semblance of rationality.

    2. The constitutional requirement is that he not be required to be a “witness against himself,” not that he not be compelled to do things that aid in his own prosecution. It may aid in his prosecution to be forced to appear in a line-up of suspects, but that doesn’t mean he can decline to participate.

  12. So if I keep a pen and ink diary in code, the cops can force me to decode that diary by force of arms without violating the fifth amendment?

    1. Because, after all, knowing the cypher is only testimony that you know the cypher!

    2. From the article at Page 781:

      A similar error is to claim that entering a password has broader
      testimonial significance because it is akin to translating the entire encrypted
      contents from ciphertext to plaintext. On this thinking, entering the password
      is like a witness taking the stand and translating documents from a secret
      language into English. But this analogy doesn’t work. Assuming that an act
      of translation could be incriminating,68 and that the act of production doctrine
      would apply to it, the testimonial aspect of translation is knowing how to
      translate from one language to another. In contrast, entering a password
      implies no such knowledge. Take the case of my sister’s phone. If I enter the
      password and the phone unlocks, my entering the password implies no
      knowledge about how the phone’s encryption software works. I don’t even
      know what kind of phone my sister has. The only testimony implicit in
      unlocking her phone is the only thing I know: The password.

      1. Yeah, I read that. What if the witness is me, and I refuse to ‘translate’ the document?
        And how does the court/jury know the alleged translation by someone else is correct?

      2. the testimonial aspect of translation is knowing how to
        translate from one language to another.

        That’s a little slippery. The specific example given involved a code or secret language presumably invented by the suspect, not an ordinary foreign language that many millions of people could translate.

        If the police hire a translator to help them deal with documents written in French, say, no one is going to assume that the translator had anything to do with their creation. Not so when what is involved is a private code.

      3. “The only testimony implicit in unlocking her phone is the only thing I know: The password.”

        Not just you’re knowledge if the password, but the password itself. You are explicitly being forced to divulge your sister’s password. Which the government can’t do, if it would incriminate you. You knowledge of the password might be a forgone conclusion, but the password itself is not.

        1. Prof. Kerr’s article does not suggest that the government can force the suspect to tell them what the password is: he is analyzing the legality of “a court order directing a suspect to produce a decrypted version of the data by entering the password without disclosing it to the government.”

          1. True, although it’s interesting how much opposition to my argument is based on the assumption that it is a different argument.

    3. This is correct. Even if the cops know, say, that your diary is in a Cesarean cipher, they can’t force you to tell them that you used a shift of 3. The problem for Prof Kerr is that there is no combination of encrypted text plus non-testimonial act that results in decryped text.

  13. The government can get the information it seeks simply by giving immunity to the witness – assuring them that neither his testimony nor its fruits will be used against him in a criminal prosecution. Then he can be forced to disclose all sorts of stuff.

    If the government isn’t willing to give such immunity, then the person should decide for himself whether he wants to give information which could be used to prosecute him.

  14. . . . but the only implied statement is that the suspect knows the password.

    Do you own the car and have keys to it? We found pot in it – you’re going to jail.

    Was this safe we pried open in your house when we found those kiddie porn pictures in it? You’re going to jail.

    But hey, just knowing the password or having access to a private communications and storage device is totally not evidence of anything except having access to it even if we find evidence of criminality on it. Because hey – the prosecution agrees that, like, anyone could have put it there.

    1. My rule is that *if* the government can prove that the person knows the password, it can make the person enter in the password but *cannot* tell the jury that the person did so. So the point you’re worried about — that a jury told that a person entered the password will infer more from entering a password than just knowing the password — won’t come up.

      1. Orin, I never replied to this argument in my response, but it strikes me that you are describing “act of production immunity,” and in Doe, the Supreme Court said such immunity had to be expressly granted by statute and not on the fly. I understand you argue that the foregone conclusion doctrine includes such a prohibition against telling the jury about the act itself, but I do not read the cases this way. This disagreement relates back to my belief that the foregone conclusion doctrine, if met, means the act is not testimonial at all, not protected, and can be told to the jury. (Another disagreement we have: you argue the foregone conclusion doctrine relates to whether the act is incriminating.)

  15. There’s still a difference between being told to hand over a key and having to answer a question. For one thing, I could easily have a key to an office supply closet that I’ve never visited or intend to visit, while knowledge of a password indicates that I’ve been inside or people directly connected to me have been inside, since the internally-configured password would be unique to each person or trusted group. Second, I’m compelled to give the best answer to the question, since a PW that accessed a shell OS without the Dastardly Plan files or that wiped the HD would not be the right kind of access. It’s like being required to inform the constable that the second set of books is in invisible ink in the margins of the financial report. Or the visiting policeman that the loot is taped to the bottom of the record player.

    Take it out of the electronic context. Say I’ve enciphered a confession using as a key Chapter 28 of Trollope’s The Eustace Diamonds. The court demands the page. Should it be allowed to force the decryption? As noted in the article, the decryption then brings into existence a paper that might have never existed again. Now, if I’ve ripped a subpoenaed financial report into tiny pieces and hidden them around the estate, I’ve arguably got a duty to tape them back together. But what if I’ve translated the data to similarly dispersed notched sticks? (Effective, though flammable, cf. Westminster fire of 1834.) Do I have a duty to recompile from “code”?

  16. What if there’s multiple passwords with multiple levels of access or that trigger device activities (possibly including one which will cause the device to reformat the drive or otherwise destroying its contents)? If you produce a password that destroys the device’s contents, are you still legally in compliance with the court order to enter ‘the password’? Do they have to prove you know a specific password? Wouldn’t their ability to prove that demonstrate *they already know the password*, and thus shouldn’t be compelling you to enter it?

    *absently wonders if there’s any current device-protection software which currently supports multiple passwords with different access levels for the same user name*

  17. But the privilege against self-incrimination harnesses different principles than evidence law. What matters for the privilege is the state of mind that the act necessarily reveals, not what facts about the world an act suggests are more likely to be true.

    That can’t be true. Admissions that themselves are harmless are covered because of what they can lead to whether that be more evidence or what can be inferred. I think you are considering “implies” to strictly as with it’s definition in logic. In normal language and the normal world we can and do say one thing implies another even if that is not 100%. Any link in the chain is covered.

    1. I don’t know how you square your answer with cases like Schmerber, Fisher, Hubbell, etc.

      1. Pretty easily.
        1. Schember is about forced extraction of blood. The individual isn’t making any statement of knowledge whatsoever. With no statement he is not being a witness at all. Arguably he isn’t actually providing anything the warrant was to allow bodily intrusion. That is why this was a Fourth Amendment case and not a Fifth Amendment case.

        2. Fisher was about compelled disclosure by a third party (the lawyers) not the the individual. The Court was clear this was important as it meant the that the taxpayer wasn’t being a witness against himself

        3. Hubbel first would require police to describe the documents in the phone with reasonable particularity. You aren’t just producing the password but also the documents therein. The police can’t get a subpoena for your filing cabinet and key. They need to describe the documents inside that they seek with reasonable particularity. You also have Thomas’s concurrence to contend with saying no compelled production of any incriminating evidence. It may not be controlling but since he and Scalia signed on to the majority in full it is clear they didn’t think the majority opinion held otherwise.

        1. Further regarding document production, the theory in allowing it is that the documents were voluntarily made not compelled. Only disclosure of them was compelled. But a password is not written down. It was not made voluntarily. Therefore you are compelling not just production buy creation.

  18. Prof Kerr continues to make the baffling claim that the only aspect of entering a password is the fact that the defendant knows the password, and not the contents of the password.

    Fisher is a case about document production, where the defendant was required to turn over evidence to the government. But assuming the government has the phone, and assuming arguendo that they can access the underlying encrypted data inside the phone, then the government already possesses all the evidence.

    So the government possesses encrypted data. And Prof. Kerr claims that the government seeks to compel the defendant to perform an act that is non-testimonial (except as otherwise noted) that will result in the government having decrypted data. But of course the only way the defendant can help the government decrypt the data is by disclosing the contents of the password.

    It would be nice if Prof Kerr could explain a little better why he thinks that forcing the defendant to disclose the password is not “testimonial” as to the contents of the password. Is it because entering testimonial data into a machine, as opposed to telling it to the government, is somehow different?

    1. It’s a question of wanting to compel testimony from the defendant without giving anything in return – i. e., a grant of immunity.

      A little nibble at the salami here…a little nibble there…sooner or later there’s no salami left!

    2. Perhaps you should read the article that Prof. Kerr wrote on the subject? Section II.A, beginning on page 779, appears to be the portion you’re looking for.

      1. “Perhaps you should read the article that Prof. Kerr wrote on the subject? Section II.A, beginning on page 779, appears to be the portion you’re looking for.”

        I not only read it, I quoted it elsewhere in the article, in a comment that you responded to.

        I’m not sure why people think it matters that the defendant doesn’t have to produce the password, but has to use the information in the password to produce derivative information. If I understand Prof. Kerr’s (and your) argument correctly, the argument is the equivalent of claiming that if you know a number, X, and the government can incriminate you if it knows the remainder of X/10, then the government can’t force you to tell them what X is, but it can force you to tell them what the remainder of X/10 is, because after all, the government won’t know what X is.

        The whole point of encryption is that the encrypted text, standing alone, contains insufficient information to produce the decrypted text. So by compelling the defendant to produce the decryped text, you are indirectly compelling him to produce additional information unknown to the government.

        1. Twelve, your theory is interesting — it’s just very different from the act of production doctrine that the Supreme Court has adopted.

          1. Prof Kerr, from what I’ve gathered from your posts, the Supreme Court’s act of production doctrine is very carefully tailored to prevent the defendant from being required to reveal information that he knows, as opposed to information that he might inadvertently reveal through something like a hand-writing sample.

            I would note that forcing someone to enter information into a machine that does math on that information and produces derivative information clearly adds to the sum-total of the government’s information.

  19. Math/CS not law person here, so maybe this explains a thing I don’t get and one bit I’ll pick:
    1) The thing: Orin why do you and Laurent spend time on whether the broader implications constitute implied testimony? AFAICT this affects nothing because unless govt knows accused knows password, they can’t order its use; and if govt *does* know this, then as a simple matter of logic it already knows everything this implies (and with what respective certainties).
    2) The nit: password entry often doesn’t imply passwd *knowledge* w high certainty. It is often the case (at least for me) that I find myself guessing from a shortlist of context-dependent pw canddates rather than entering a known pw. I have even helped coworkers in this manner (most recently last month)

    1. Yup, I was struggling with this “knowledge” thing too. Both in connection with passwords – sometimes I have to guess, sometimes I have to look it up, sometimes I have to look up a hint and compute. And sometimes I get it wrong. And ditto, in spades, with Mrs Moore’s passwords when she instructs me to go and buy an air ticket or whatever.

      But the other mystery of “knowledge’ is the foregone conclusion thing, where the government allegedly “knows” a bunch of stuff that it can’t possibly know. Like that there’s kiddie porn on the computer. Even if they have a witness testifing that they saw you looking at kiddie porn on your computer last Wednesday, that doesn’t mean they “know” there’s kiddie porn on this computer today. It might have been erased on Sunday. There might be a mistake as to which computer it was. The other witness could be lying. Or mistaken.

      So clearly “knowledge” must be standing in for “quite a strong and reasonable suspicon that….”

  20. I’m all for pnenumbras when they prevent govt encroachment on individual private doings (SSM, abortion, etc.).

    In this case though, we are expanding govt authority, especially in an area (cell phones) where people store many private data (contacts, med/bank info, internet history, etc.).

    This simply cannot be constitutionally acceptable.

  21. “Gee, officer, you made me so nervous with your intimidating demands and the guns and all, I got so nervous I put in the wrong password three times, and now the phone and all the cloud backups have been erased. Sorry.”

    “Am I free to go?”

  22. So, after having read both articles, and pondered a bit I am left with not knowing if my method of handling passwords would be covered under Prof Kerr’s take on the foregone conclusion doctrine.

    If I understood the state of the law from the article, then I don’t think I could be forced to divulge the password to my devices because of the method used, but I’m not entirely sure. So I’ll just post the actual method I use, and hope that Prof Kerr would be kind enough to poke holes in my understanding with an explanation of why or why not I could be compelled to produce the password.

    I have in my possession an encrypted drive. It utilizes a hardware as well as software encryption algorithm. On this drive is an encrypted database of all my various passwords which are generated by a password generator. I do not ‘know’ any of the passwords in the sense I could tell you what they were off the top of my head.
    I have a very long password that encrypts the database that I have not memorized. Instead I use a shorthand method that’s not really obvious to anyone but me, to write it down. I then store it in a location that I know.

    1. (Continued)
      From what I understood from Prof Kerr’s article, it would not be a foregone conclusion that I know a password to the device because I don’t know any of my passwords, given the method involved. Can I still be compelled to produce the password? And if not, would I have to provide testimony on how I actually store the password in detail, or would the generalized explanation be sufficient. Or would the act of decryption of a paper document with my personal cypher, which would then be entered by me to unlock the password database not be testimonial? I also have several other encrypted usb keys which are identical to my password one, so would there have to be proof of which one is which for them to compel decryption, or could I be given the stack and told decrypt them?

      I worked in information security for a long time, and have been using a password manager and encrypted password database for over a decade, and then as the environment evolved I’ve increased the complexity. So I’m honestly not trolling, I’m just among the more extreme password setups I know, at least other than other actual InforSec professionals and I’m trying to understand the contours or corner cases that would come up even with this apparently straight forward doctrine. (One of the side effects of being in infosec is always wanting to set up adversarial hypothetical to test the security of your solution.)

      1. Correction:

        I accidentally stated that I could be compelled to produce the password in part of the above, clearly that would not be the case as the password itself is testimonial, but I meant rather that I could be compelled to enter the password.

        1. There is an enormously good chance that I have missed the point, but my (weak) understanding is that the government does not compel you to produce the password, it demands that you “open the box” – that is to say, perform some act or acts which allows the government to take control of your informational “treasure.” It doesn’t really mater what the act is – it might be finding a key and turning the lock – or it might be a complex computational task to calculate a password that you can enter. Doesn’t matter. Apparently the government can demand you do stuff, it’s just not allowed to demand you say stuff. And the government can’t demand that you tell them the password – if that is the form your key takes – they just require you to find the key and turn the lock. You can keep your password secret.

          All of the fuss comes from the fact – or legal precedent – that sometimes an act, as well as being an act, may also be a statement. Thus putting your hand up in class communicates your desire to speak. Except that sometimes it doesn’t. The weeds then get very thick as Prof S and Prof K wrestle over the point that plenty of acts allow things to be inferred without being intentional communications. And them weeds be too tangled for me.

          1. But as far as I can make out, if the government can demonstrate that it knows you can open the box – at some level of probability falling short of certainty – it can make you open the box, however complicated that may be, give or take some very weedy exceptions that Prof S thinks are more numerous than Prof K.

            This is one of those days when I long to start a degree in string theory, if it will get me out of starting a law degree.

            1. Right, but ultimately that’s because the act of producing the decrypted contents of this box covered by the foregone conclusion doctrine in that the only testimonial aspect is knowledge of the password, and they’re not getting something that is the knowledge of the contents of your mind, since I don’t tell them the actual password.
              But say that I testify, in a compelling way, that I do not know the passwords, they are stored somewhere else. And that’s all I tell them. Can they compel me to tell them where I store it? Can they compel me to go to where I store the passwords and show them where it is? My understanding is that is not the case, but I might be wrong. And say that someone else knows the passwords on my behalf, can they force me to tell them who if I assert that to do so is possibly incriminating? I guess my ultimate question is how attenuated/complex does the process have to be before the courts stop treating it as a single non testimonial step under the foregone conclusion doctrine and start asking about the discrete steps?

              1. Can they compel me to go to where I store the passwords and show them where it is? My understanding is that is not the case, but I might be wrong.

                Yeah, I think they can make you do that. And even if they can’t make you show them where you keep the passwords, they can still say “OK, fine, you have a secret box of passwords somewhere. Go to your secret box and find out the password and put it in.”

                And say that someone else knows the passwords on my behalf, can they force me to tell them who if I assert that to do so is possibly incriminating?

                I don’t believe so. But they can still say “Fine, get in touch with your friend and find out the password. And put it in.” So I don’t think the method by which you get hold of the password matters.

                BUT – if the secret holder of your passwords requires a special signal from you that your request is truly voluntary, and isn’t the result of the cops twisting your arm, then I doubt that the cops can force you to lie to your password holder. That would seem to me to have a bit of a 1A problem, never mind 5A.

                NB IANAL and this is all too difficult for me.

  23. Now, since I always like to poke about for loopholes….

    ….let’s suppose my computer is set up with a security system with two alternative passwords. If I enter password A, it decrypts the whole contents of the computer. If I enter password B. it chews up and irrevocably destroys everything on the computer. My presumption is that the government will be able to get me for deliberately destroying evidence.

    ….but now let’s suppose that each time I use my computer I save my wicked stuff in one folder, and I also keep a second folder of innocuous stuff. Now my cunning password system is that next time I log in, if I enter password A it destroys folder one (the wicked stuff) and if I enter password B it destroys folder two (the innocent stuff.) There’s no way to open the computer – ever – without destroying one or the other. The government’s command necessarily requires me to perform an act which will destroy a folder.

    How can the government get me for destroying folder one with password A ? There was no way to get into the computer without destroying one folder or the other. But if the government specifies “open up using the password that leaves the wicked folder intact”, how can I do that without “testifying” that I know the wicked folder contains wicked stuff ?

    1. Well, um, how are you ever going to access your wicked stuff?

      1. Not quite sure what your question is.

        (a) you mean after I’ve destroyed it when the cops ask me to put in my password ?

        Never, it’s dead, destroyed, defunct. But by choosing password A, I have obviously already made the judgement “I’d rather lose this stuff forever than let the cops get a peek at it.

        (b) you mean from day to day, before any cops show up wth a warrant ?

        I use Password B, which destroys my fluffy kitten pics, and my collection of treatises on Ovid’s poems. (Of which I have copies elsewhere, and so can reload them onto my wicked computer whenever I’ve nuked them using Password B.)

  24. Here and there in these comments there are hints of the right direction to take on this topic, but nothing (IMO) that clears it up. Nowhere in the Fifth Amendment does it say anything about self-incrimination. Therefore, offers of immunity are irrelevant and inconsequential

    The 5th says “nor shall be compelled in any criminal case to be a witness against himself.” Being a witness is a *process* and being a witness against oneself is a process explicitly prohibited by the 5th. Therefore, one need only show that what is demanded is against the witness to realize that the request is prohibited under the 5th.

    In the US, we have an adversarial criminal justice system. Therefore, there is a rebuttable presumption that *anything* the state requests form a person is ‘against’ the person.

    Therefore, a person can

  25. In these comments, there are some hints at the direction of how this problem should be solved, but (IMO) no comments show the correct solution.

    Nowhere in the Fifth Amendment does it mention self-incrimination. Therefore, no offer of immunity is either relevant or consequential.

    The 5th says “nor shall be compelled in any criminal case to be a witness against himself.” Bearing witness is a *process* and bearing witness against oneself is a process explicitly prohibited by the 5th. All that is necessary is to show that the request is ‘against’ the witness/defendant to allow the person to refuse the request.

    Since the US system of criminal justice is an adversarial system, there exists a rebuttable presumption that *anything* the state requests of a person is ‘against’ the person. Therefore, any requests by the state for information, or for the access to information, can be refused with the full protection of the 5th Amendment.

  26. Really off the wall thought.
    If you think it needs a password, don’t put it on an electronic device.

Please to post comments