Two New Cases on Decrypting Locked Devices

One on the Fifth Amendment, and one on Miranda. Both correctly decided, I think.


I've blogged a lot over the years on the rules for government efforts to unlock encrypted devices such as phones and computer hard drives. I thought I would flag two recent opinions from federal Magistrate Judges on these issues.

The first case, In re Search of a Residence in Aptos, California, 2018 WL 1400401 (N.D.Cal. March 20, 2018), considers the Fifth Amendment standard for compelling a suspect to enter in a passcode to unlock a device. The second case, United States v. Jackson, 2018 U.S. Dist. LEXIS 55965 (D. Minn. Feb. 27, 2018), considers whether the government can use a passcode obtained from a suspect in violation of Miranda v. Arizona to unlock his phone.

I was pleased to see that, in both cases, the judges shared my view of the law advocated in my past blog posts. I'll consider each new decision in turn.

(1) In Re Search and the Fifth Amendment

As regular readers know, there is considerable uncertainty about the legal standard the government must satisfy to compel a person to enter in a passcode to unlock a phone in light of the Fifth Amendment's right against self-incrimination. The key question is what the government must show to satisfy the "foregone conclusion" doctrine. On one hand, in 2012 the Eleventh Circuit required the government to show that it knows with reasonable particularity what the contents are on the device after it has been unlocked. But it's not at all clear that is right. As I detailed in this 2016 post, I think the Eleventh Circuit was wrong and that the govermment should only have to show that it knows that the person knows the passcode. The Third Circuit hinted in a 2017 decision at the standard I advocated, and a state appellate court also seems to have applied the standard I proposed in a 2016 decision.

In the new case, Magistrate Juge Corley issued an order under the All Writs Act requiring a suspect to unlock an ecnrypted part of his laptop, as well as an external hard drive found in his home. Both devices were seized with a search warrant, but the FBI found that they were encrypted with VeraCrypt. The FBI has been unable to decrypt them through technical means. The suspect objected to being forced to unlock the devices, but the court concluded that there was no Fifth Amendment privilege becuse the incriminating aspect of complying was a forgone conclusion. Here's the analysis broken into two paragraphs, with the long footnote after the first sentence inserted in the main text:

The Court finds that the testimony inhering to the act of decryption is that Mr. Spencer knows the encryption password. The act of decryption requires nothing more. [FN: The foregone conclusion doctrine most often arises with regard to document subpoenas and accordingly, precedent reflects concerns unique to that context. See, e.g., Fisher, 425 U.S. at 411 (articulating doctrine as to summonsed tax documents); Hubbell, 530 U.S. at 41 (broad subpoena of documents the "functional equivalent" of answering "detailed written interrogatory or a series of oral questions"); Doe I, 383 F.3d at 911 (subpoena "which seeks all documents within a category but fails to describe those documents with any specificity indicates that the government needs the act of production to build its case"). But the compelled decryption of lawfully-seized devices does not present identical concerns. As a practical matter, a respondent can know a password—and can thus decrypt the device or program to which the password is linked—without ownership, possession, or even general knowledge of files ultimately discovered. Thus where, as here, the contents of the encrypted devices are not alleged to be privileged, the government need only demonstrate sufficient prior knowledge that the defendant knows the password to the encrypted device or program at-issue. Fisher, 425 U.S. at 410 (inquiry into elements of incrimination and implied testimony "do not lend themselves to categorical answers; their resolution may instead depend on the facts and circumstances of particular cases or classes thereof"); Apple MacPro Computer, 851 F.3d at 248 (upholding decryption order under plain error review as "any testimonial aspects of [the act of decryption] were a foregone conclusion") (emphasis added).]

Accordingly, the Court holds that if the respondent's knowledge of the relevant encryption passwords is a foregone conclusion, then the Court may compel decryption under the foregone conclusion doctrine. See United States v. Apple MacPro Computer, 851 F.3d 238, 248 n.7 (3d Cir. 2017) ("a very sound argument can be made that the foregone conclusion doctrine properly focuses on whether the Government already knows the testimony … implicit in the act of production. In this case, the fact known to the government that is implicit in the act of providing the password for the devices is "I, John Doe, know the password for these devices") (emphasis added). Further, "[t]he government bears the burden of proof and must have had the requisite knowledge before issuing the summons or subpoena." See Bright, 596 F.3d at 692. Finally, the government's showing of independent knowledge must be made to the standard of "reasonable particularity." See Doe I, 383 F.3d at 909; United States v. Sideman & Bancroft, LLP, 704 F.3d 1197, 1202 (9th Cir. 2013). The Court finds that the government has shown with reasonable particularity that Mr. Spencer knows the encryption passwords responsive to each at-issue device such that he can produce them in a fully-decrypted state.

This is exactly right, in my view. It nicely matches what I argued for in my 2016 blog post.

(2) United States v. Jackson and Miranda Violations

The second case considers a question that I blogged about at length in another 2016 blog post, When Miranda Violations Lead to Passwords. The issue: If the police question a suspect in violation of Miranda and the suspect tells them his password, can they then use the password to unlock the device? That is, assuming the ultimate search of the device satisfies the Fourth Amendment, and that the password itself could not be offered in evidence under Miranda, can the government nonetheless use the password to unlock the device?

I argued in 2016 that the correct answer is, "Yes, they can." From my post:

[T]he only remedy for Miranda violations is suppression of the statement obtained from the person questioned in violation of the Miranda rules. Under United States v. Patane, 542 U.S. 630 (2004), if a statement obtained in violation of Miranda leads the police to physical evidence, the physical evidence is still admissible. Most people don't realize Miranda remedies are so narrow, and I'm not sure Patane is persuasive. But that's the current state of the case law.

I think that allows the government to use data obtained through the use of passwords that themselves were obtained in violation of Miranda, whether the data was decrypted or simply was found more easily as a result of bypassing a password. It doesn't matter if the government could not have gained access to the data any other way. The data can be used because the data is not an answer to the government's question during custodial interrogation.

Granted, one might argue that computer files are outside the Patane rule because they are not "physical evidence." They're useful as words and images, which is different from a physical item, such as the seized gun in Patane.

I appreciate the argument, but I don't think it's persuasive. The Patane distinction is between the incriminating statements deemed coerced because they were obtained in violation of Miranda (suppressed) and other kinds of evidence (not suppressed). Zeros and ones on a hard drive or phone fall on the non-suppressible side of that line, I think. Even assuming those zeros and ones can be represented as the statements of the person interrogated — which will be true in some cases but not others — they're not the coerced statements themselves. That's my best sense of things, at least. I'll be curious whether others disagree.

The new decision raises that exact issue, and (just off the top of my head) I think it is the first to do so. The police questioned Jackson in custody, and he asserted his right to counsel. Under the Miranda rules, the government was required to stop questioning Jackson. But instead the questioning continued, and one of the questions the government asked Jackson was if he would disclose the passcode to his phone. Jackson provided the passcode, and the government obtained a warrant to search the phone and used the disclosed passcode to unlock it. Jackson moved to suppress the evidence found on the phone, alleging (among other things) that the contents of the phone were a fruit of the Miranda violation.

After concluding that everything Jackson said after invoking his right to counsel had to be suppressed, Magistrate Judge Noel recommended that the motion to suppress the evidence found on the unlocked phone should be denied under Patane:

The Court must determine whether the derivative evidence obtained as a result of Jackson's suppressed statement, specifically the evidence obtained from Jackson's cellular phone, must also be suppressed. In United States v. Patane, 542 U.S. 630, 634 (2004), a three-justice plurality of the Supreme Court held that physical evidence discovered as a result of a suspect's voluntary statement was admissible at trial, despite the fact that the suspect's Miranda rights were violated. The Court reasoned that "[b]ecause the Miranda rule protects against violations of the Self-Incrimination Clause, which, in turn, is not implicated by the introduction at trial of physical evidence resulting from voluntary statements," that the exclusionary rule does not apply to physical evidence resulting from the voluntary statement. Id. at 634–37. Two concurring justices agreed the physical evidence was admissible, but would not have reached two ancillary questions addressed by the plurality.

In the present case, as in Patane, the violation of Jackson's Fifth Amendment right is fully vindicated by the suppression of Jackson's statements following the invocation of his right to counsel. That Jackson, in that statement, gave the police the passcode to his cell phone, and with it access to the physical evidence on the phone, does not require the suppression of the evidence found on Defendant's phone. As the Court concludes below, officers had authorization, pursuant to the April 21, 2017, search warrant to seize "cellular telephones, and the numbers, photographs , and videos stored therein," found at the residence. See ECF No. 43, Ex. 1. While, Jackson's motion to suppress statements, admissions and answers must be granted to the extent it seeks to suppress any statements made by Jackson during the April 21, 2017, interview, to the extent it seeks to suppress evidence found in Jackson's cellular phone, it must be denied.

Again, I think this is correct. I'm not sure I agree with the Supreme Court's decision in Patane, to the extent anyone cares. But Patane is binding on lower courts, and I think this is a correct application of it.

These are both just opinions from Magistrate Judges, and they're not binding precedents. Still, I found both opinions interesting enough to flag for our readers.

NEXT: My new "The Hill" Op Ed on Federalism and the Legal Battle Over Sanctuary Cities

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Prof Kerr may be right that these decisions are correct implementations of current law but they are normatively exactly wrong. If the police can merely demand that users decrypt their contents, then we have no real privacy. I find that answer unacceptable.

    And the way the court keeps immunizing police from their abuses of civil rights is appalling.

  2. So much for logic and reason.
    If I ever start doing something that requires enough illegality I feel the need for encryption, I will include an app/program that responds to a different password and scrubs the file as thoroughly as technology allows.
    Guess which password I will cough up?

  3. As another comment implies, this is just cat and mouse. Some “kill switch” mechanism is obviously needed. Scrubbing data may be one option. Maybe rolling the decryption password every 24 hours, in a half-blind manner where if one cycle of active password retrieval is missed, even the owner will not be able to get the new one, thus will never know the password. This requires active code execution though, which would likely be a problem assuming data gets seized and put on ice immediately. Many laptops have a bios setting to auto start the computer at a specific time of day, and assuming battery is present in device, this may be useful.
    A more passive approach may depend upon the _lack_ of an execution environment and use the resulting absence of system-generated key files. I’m not sure if the hash of required key files is “knowable” to an outside party before decryption – that would make it not work. But I can imagine a system using a remote execution environment to maybe generate and SCP the keyfiles in on demand, which would be locally bleached after use, but if system is unreachable in 24 hours, code kills itself. You’d have to consider that backups from your cloud provider may pooch this, but I’m sure there are ways to address that as well.
    Anyway, interesting stuff.

    1. You can probably do this by storing the true encryption key on a TPM, which you can set to lockout after failed attempts, then throw away the owner key. You don’t need to wipe the disk if you can destroy the key itself.

      1. Another option is to add a lock on your chassis with a little battery that can zap your tpm if the chassis door is removed incorrectly. The trick is creating a way to throw away the key.

  4. Patane sounds like the type of liberty-limiting decision favored by conservatives.

    A quick check of the lineup of justices confirmed a hunch — five right-wing votes for authoritarianism, with Thomas, Rehnquist, and Scalia leading the nanny-state way.

    1. Indeed. Had Patane been something about, say, property, we would have seen the type of liberty-limiting decision-making favored by liberals (as the Kelo decision demonstrated).

  5. This Foregone Conclusion doctrine is suspiciously similar to regulating or outlawing speech “because it is behavior”, something most reject out of hand, and even in the case of medicine or advertising is related to the truth of what is said, not “behavior of speaking”.

    Whether his analysis is ok or not, clearly breaking encryption is abused in places like Russia and China, for the reasons the founding fathers feared — hurting any challengers to power, especially legitimate ones.

    Shall we allow the stepping of boots on faces forever because we want to catch some normal crooks? Or can we take a stant for technology that past generations never even had the option of?

    Like the printing press, the king would outlaw it to hamper challengers. Ergo it must be good. Billions not free would agree.

    1. Though I am also skeptical of these narrow interpretations of the Fifth Amendment’s protections against self-incrimination, it seems to me that courts are (possibly) on firmer ground when they make speech-conduct distinctions in the context of the Fifth Amendment than they are when when they do so in First Amendment cases. The 5A provides that nobody “shall be compelled in any criminal case to be a witness against himself.” Being a witness usually, though not always I suppose, means saying something.

  6. How can a libertarian law blogger even remotely approve of the courts’ decisions here?

    1. I don’t recall Orin generally describing himself as a libertarian.

    2. Because he is intellectually honest. He said that he isn’t persuaded that the controlling precedent is correct just that the result of this case is correct with respect to the precedent that the lower courts are obligated to follow.

      Not that Prof Kerr needs me to defend him.

      1. That’s just the second case, isn’t it?

        On the first he seems to like the decision.

  7. >a three-justice plurality of the Supreme Court held that physical evidence discovered as a result of a suspect’s voluntary statement was admissible at trial, despite the fact that the suspect’s Miranda rights were violated.

    Nothing like a little incentive to violate someone’s rights.

  8. I agree for the most part. I certainly agree about the first case and I’ll tentatively agree about the Patane analysis. The only possible distinguishing factor is Patane dealt with a case where the police neglected to read Miranda while that case involved them reading Miranda, the defendant invoked, and then questioning continued. There’s an argument that is different because it’s more compulsive to tell someone their rights and then ignore them when they exercise them. Probably a distinction without a difference, but worth noting.

  9. I am so glad to find the updated version of the issue. I was just searching the same details to get the solution of it, have solved on your content.

  10. Geek Squad Online Support provides online support for your damaged devices. The team of online support is experienced in dealing with tech issues online. In case you’re facing issue with your device contact Geek Squad Online Support

  11. Hey! the contents of the encrypted devices are not alleged to be privileged, the government need only demonstrate sufficient prior knowledge that the defendant knows the password to the encrypted device (hewlett packard error 49) or program at-issue.

Please to post comments