New Draft Article: "Compelled Decryption and the Privilege Against Self-Incrimination"

The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

I recently posted to SSRN a new draft artice, "Compelled Decryption and the Privilege Against Self-Incrimination," forthcoming in the Texas Law Review. Here's the abstract:

This essay considers the Fifth Amendment barrier to orders compelling a suspect to enter in a password to decrypt a locked phone, computer, or file. It argues that a simple rule should apply: An assertion of privilege should be sustained unless the government can independently show that the suspect knows the password. The act of entering in a password is testimonial, but the only implied statement is that the suspect knows the password. When the government can prove this fact independently, the assertion is a foregone conclusion and the Fifth Amendment poses no bar to the enforcement of the order. This rule is both doctrinally correct and sensible policy. It properly reflects the distribution of government power in a digital age when nearly everyone is carrying a device that comes with an extraordinarily powerful lock.

As regular readers may note, I've blogged about these issues before. The new draft builds on the themes of my blog posts, elaborating on the argument and offering my responses to several counteraguments. Comments are very welcome, especially critical ones (and especially from techies).

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Cato Unbound Symposium on Federal Power Over Immigration

Volokh Conspiracy

Hide Comments (77)

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

vaadu 7 years ago

Not good enough. The spirit of the 5th amendment is that no one should be compelled to aid in their own prosecution. The prosecutor should have to do his job as if the accused were in abstentia.

Log in to Reply
1. JacobBe5 7 years ago
  
  Interesting.
  
  Can you point me to any cases from the founding era where an accused was successful in not producing documents known to exist by claiming the 5th amendment protected them from doing so?
  
  Log in to Reply
  1. loveconstitution1789 7 years ago
    
    Point to any actual cases where a defendant was forced to bring the prosecutor all papers necessary to get a conviction.
    
    Never happened.
    
    Log in to Reply
2. Orin Kerr 7 years ago
  
  vaadu, I gather your view is that the Supreme Court's precedents in this area are wrong?
  
  Log in to Reply
  1. loveconstitution1789 7 years ago
    
    Wouldn't be the first time.
    
    ObamaCare was upheld by the SCOTUS and there is literally no precedent nor authority in the Constitution that allows for government to force people to buy a product or service.
    
    Log in to Reply
    1. bernard11 7 years ago
      
      Tax credits are unconstitutional? Who knew?
      
      Log in to Reply
  2. Greg_Cherryson 7 years ago
    
    I gather Boyd v. United States, 116 U.S. 616 (1886) was wrong?
    
    "The seizure or compulsory production of a man's private papers to be used in evidence against him is equivalent to compelling him to be a witness against himself, and, in a prosecution for a crime, penalty or forfeiture, is equally within the prohibition of the Fifth Amendment.
    
    Both amendments relate to the personal security of the citizen. They nearly run into, and mutually throw light upon, each other. When the thing forbidden in the Fifth Amendment, namely, compelling a man to be a witness against himself, is the object of a search and seizure of his private papers, it is an "unreasonable search and seizure" within the Fourth Amendment. "
    
    Log in to Reply
Tilted 7 years ago

But encryption isn't a powerful lock. It's a powerful tool that destroys (or, if you like, jumbles) information such that said information can quickly and easily be put back together. If law enforcement has a warrant to search your phone, it doesn't need the phone's memory to be decrypted in order to see everything that is on it - to see all the information (for the most part) that currently exists on the phone. It can do that without, e.g., the user's passcode.

What law enforcement wants is to be able to compel people to help it recreate information (in this context, potential evidence) which doesn't currently exist. Instead of having gibberish of little evidentiary value to present to a judge or jury, it wants to force people to help make sense of that gibberish - to put the evidence back as it was before it was destroyed and before law enforcement managed to secure it.

(continued)

Log in to Reply
1. Tilted 7 years ago
  
  (continued)
  
  Compelling someone to provide a passcode (which facilitates decryption) is less like compelling Al Capone to unlock the safe (or provide the key to the safe) which contains his books and more like compelling him to identify his bookkeeper so that law enforcement can have that bookkeeper make sense of the coded entries in those books. It shouldn't be allowed. The government shouldn't be able to force me to recreate digital evidence to help it make its case anymore than it should be able to force me to put my blood (which I may have successfully cleaned up) back at a crime scene. It, following applicable due process rules, gets to collect what evidence exists. But it doesn't - or shouldn't - get to compel someone to assist it in recreating (destroyed) evidence or, considered another way, to assist it in making sense of evidence - to assist the government in deciphering that evidence such that it might be persuasive to a judge or jury.
  
  Log in to Reply
  1. perlchpr 7 years ago
    
    Agree. Can the court force me to translate some document I've written in a language I made up, if the court can't do it themselves?
    
    Log in to Reply
    1. Brett Bellmore 7 years ago
      
      Exactly the thought that occurred to me.
      
      Log in to Reply
  2. TPKeller 7 years ago
    
    "to be able to compel people to help it recreate information (in this context, potential evidence) which doesn't currently exist."
    
    Yes!! This is the correct path we should be taking: While encrypted, the information in its useful form simply does not exist.
    
    We can illustrate this with the government's own practices. In the world of secret information, there are closed, isolated networks. The "private internet," if you will. This data is not physically separate from the "big internet." This data is simply encrypted before it hops on the wires. This data in its encrypted form can be snooped, copied, stored, and analyzed until the cows come home, by anyone who can do so with any other part of the "big internet." The government doesn't care, because only the government can restore that non-existent information into it's existent form.
    
    If there was any value to that encrypted information, the government would take the great expense to deny access to it, just as the government does for data in it's unencrypted form. They do not.
    
    Would the Fifth Amendment allow the government to compel a suspect to write out a confession? That is creating an incriminating artifact that does not exist. That is exactly what happens if one is compelled to use a password from memory to create evidence from an encrypted source that may incriminate.
    
    Log in to Reply
    1. perlchpr 7 years ago
      
      Would the Fifth Amendment allow the government to compel a suspect to write out a confession? That is creating an incriminating artifact that does not exist.
      
      Let's extend that.
      
      Let's assume that encryption is like a lockbox for analogy purposes.
      
      If the key no longer exists, but the defendant remembers what it looks like, can he be compelled to file a blank key to the proper shape to open the lock?
      
      Log in to Reply
      1. Krayt 7 years ago
        
        Bookies and those who keep a "second" set of books for some enterprise often use encoded notations. While often this can be figured out (see any number of old mob movies), what if it can't?
        
        If the government can prove the bookie knows the key, can they force him to write it down?
        
        The author of this article presumably thinks so.
        
        Log in to Reply
  3. Roadblock Revelations 7 years ago
    
    I concur. Comparing encrypted data to a lock box is, and always has been, a false comparison for purposes of 4th and 5th amendment jurisprudence.
    
    When the government is in possession of a suspect's encrypted data, it already has physical control over the evidence it wants to use against that individual. By compelling that individual to provide an encryption key, the government isn't compelling him/her to provide access to data it doesn't already have access to. Rather, the government is compelling that individual to interpret data already in the government's possession in a way that the government can use against the individual.
    
    The 5th Amendment should bar this form of compelled testimony/disclosure.
    
    Log in to Reply
    1. bernard11 7 years ago
      
      I pretty much agree with tilted, and with perlchpr's language analogy.
      
      Suppose I keep paper financial records in an encoded form. If they are subpoenaed, can I be required to decode them?
      
      Log in to Reply
      1. perlchpr 7 years ago
        
        I pretty much agree with [...] perlchpr's language analogy.
        
        Well, that's a weird thing to have happen to me on the internet... 😀
        
        Log in to Reply
2. TwelveInchPianist 7 years ago
  
  "But encryption isn't a powerful lock. It's a powerful tool that destroys (or, if you like, jumbles) information such that said information can quickly and easily be put back together. "
  
  I've been making this argument on just about every post on this topic for years. It hasn't been addressed, and it won't be addressed on this post, either.
  
  Note that the government can, in some cases, force you to create evidence that doesn't exist. For example, they can force you to provide a handwriting sample. But they can't force you to provide information while creating the handwriting sample.
  
  Log in to Reply
3. TwelveInchPianist 7 years ago
  
  "But encryption isn't a powerful lock. It's a powerful tool that destroys (or, if you like, jumbles) information such that said information can quickly and easily be put back together."
  
  I've been making this argument on just about every post on this topic for years. It hasn't been addressed, and I doubt it will be addressed on this post either.
  
  Note that in some cases, the government can force you to create evidence that doesn't exist. For example, they can require you to provide a handwriting sample. But they can't require you to provide information in your handwriting sample.
  
  Log in to Reply
  1. perlchpr 7 years ago
    
    I'm not sure "producing a handwriting sample" is really "evidence". I think it's more akin tot he situation someone describes below about fingerprints.
    
    The "evidence" is the fingerprints that the police collected at the scene. The fingerprints they collect from a defendant are for identification purposes.
    
    But I agree that forcing someone to provide a handwriting sample that just happened to say "Yes, I killed Joe Schmoe" is unreasonable.
    
    Log in to Reply
Hank8 7 years ago

If a person pleads the 5th Amendment to justify refusing to answer a question - is that over-riden if the prosecutor gives evidence that the person knows the answer to the question?

Log in to Reply
Untermensch 7 years ago

This issue is hardly unique to the digital era, although it may be more ubiquitous. For hundreds of years people have used book ciphers to encode secret messages. To use these, all parties would need to know what particular book to use to break the cipher.

It seems the relevant comparison would be that it would not violate the Fifth to compel someone to reveal what page in what edition of what book could be used to decode a message in a cipher. Then the argument would be that all the government would need to do is demonstrate that the party knew what cipher to use and it would be fine to force them to provide this information.

This to me seems like a real stretch, but the only difference between it and the digital case is the ease with which the content can be deciphered. So if forcing someone to provide the key to a book cipher would not violate the Fifth, you would be forced to explain why the digital case is different in kind.

Log in to Reply
1. Eddy 7 years ago
  
  Admitting that you know how to decipher a secret message would tend to incriminate you at least this much: you'd be indicating that you might have some knowledge of the message's content, and if the message is something sinister that might link you to the crime.
  
  Log in to Reply
  1. Eddy 7 years ago
    
    Or imagine ordering a murder suspect to disclose where the body is so they can do a proper autopsy.
    
    Log in to Reply
    1. Eddy 7 years ago
      
      OK, let me read the post and see if that was already covered.
      
      Log in to Reply
      1. Eddy 7 years ago
        
        Ah, yes, the ex-prosecutor's perspective. Which doesn't make it wrong!
        
        Log in to Reply
2. Untermensch 7 years ago
  
  And I also wonder how the prosecution would demonstrate to a sufficient degree that the accused knows the password. Suppose that the accused does in fact decrypt data regularly but uses a separate keychain manager to access the password and so has no personal knowledge of it even though he or she has personal control over it. Would the state be allowed to force them to provide access to the keychain, which might provide access to far more than the requested data? This would seem to invite all sorts of prosecutorial abuse.
  
  You get close to this point in section II.B, but no suppose more than one person uses the phone and may have independently stored passwords, with both having knowledge of the primary password for the keychain. In such case, compelling one person to enter the keychain password (which is effectively what the main passcode on a phone functions as) would effectively bypass the knowledge requirements you set up in II.B, because there would be no way to separate them, even if one party in fact had no knowledge of the password for the second layer of encryption.
  
  [?]
  
  Log in to Reply
  1. Untermensch 7 years ago
    
    [?] It seems that requiring passwords does far more that demonstrate knowledge that one knows the password. To use your treasure and door opening analogy, it would in many cases not be asking for one door to be opened, with the possibility that treasure might be behind it, but in fact asking for many, many doors to be opened, most of which would not be relevant to the case at hand, and some of which your simple doctrine would not allow.
    
    In other words, I think the complexities of how people use encryption, particularly for shared devices, may not line up with your assumptions.
    
    Log in to Reply
  2. DavidWH 7 years ago
    
    There are ways to store a password physically such that it provides evidence that the user does not know it and access by unauthorized persons plausibly destroys it. For instance this can be done with a stack of bills, a deck of cards, a set of dominoes, or a set of code books.
    
    Log in to Reply
3. Untermensch 7 years ago
  
  Err,
  
  My comment should have read as follows:
  
  So if forcing someone to provide the key to a book cipher would not violate the Fifth, you would be forced to explain why the digital case is different in kind.
  
  Log in to Reply
dwb68 7 years ago

Me: I dont know

Govt: we know you know

Me : how do you know I know?

Govt: we know you knew. You must know now what we know you knew then.

Me: things change

Govt: But for things to change, you must have known at some point, both the thing we know you knew and the new thing you claim not to know.

Changing a password requires the old and the new password, so you know (knew?) both at some time. All the govt needs to find is one text, email, or phone call to show at some point you unlocked the phone. By induction, you must know all future passwords, because you changed them.

Seems like a low (trivial) bar, to me. May as well have no real hurdle at all. "You called Sally, the phone was unlocked for that call, ergo you know it so hand it over."

On the other hand, smart defendants will give the wrong password and force the phone to lock itself permanently. Defendants who use the fingerprint or facial unlock feature are probably screwed.

Proving th

Log in to Reply
1. Brett Bellmore 7 years ago
  
  Smart people use the finger print feature with something other than their finger. Their nose. Their earlobe. Anything but one of their fingers.
  
  Log in to Reply
  1. dwb68 7 years ago
    
    thanks for the tip I did not know you could do that.
    
    If you can actually do that, use your privates instead of facial unlock, that way you have a juicy headline grabbing lawsuit when they compel testimony.
    
    Log in to Reply
    1. Absaroka 7 years ago
      
      Well, that's the last time I rely on this blog for legal advice. Who knew you could get in so much trouble just for unlocking your phone at Starbucks...
      
      Log in to Reply
  2. dwb68 7 years ago
    
    thanks for the tip, I did not know you could do that.
    
    If you can do that, use your privates instead of facial unlock. that way you have a juicy headline grabbing lawsuit when they compel testimony.
    
    Log in to Reply
Eddy 7 years ago

OK - what Tilted and Untermensch said.

Log in to Reply
Peter Gerdes 7 years ago

I found the article quite interesting but my one criticism is the following. Generally when we extend a constitutional principle to a new context raising new considerations we look to our understanding of the purpose/motivation/value protected by the constitutional principle to illuminate it's application.

For instance, when we look to decide how the first amendment should apply to functional computer code (e.g. 3d printed guns) or to Trump's twitter banning we inform our analogical reasoning with the sense that the 1st amendment is designed to cultivate a marketplace of ideas and to avoid letting the government put a thumb on the scale.

It seems to me your conclusions about how we should apply the 5th in this new situation would similarly be benefited by being informed by the values/concerns the 5th was originally enacted to protect. For instance, to the extent that those original values were about not putting people in a catch 22 or limiting government ability to force someone to act against interest it pushes in one way while if it was about avoiding the trap of charging the additional crime of failure to confess it pushes the other.

Log in to Reply
1. Peter Gerdes 7 years ago
  
  DELETE MY PARENT.
  
  I'm an idiot. I missed this discussion at first since I assumed it was going to be higher in paper if it was going to be there.
  
  I love the way you dealt with it and sorry for opining before finishing the full paper..
  
  Log in to Reply
  1. Brett Bellmore 7 years ago
    
    Dream on, the chief reason we still have so much freedom of speech on the comment threads here is that Reason staff never read them. They got tired of having their idiocies, bad faith, and deviations from Libertarianism thrown in their faces, I guess.
    
    Log in to Reply
    1. Peter Gerdes 7 years ago
      
      I think you meant to reply to a different comment.
      
      Log in to Reply
Bill R 7 years ago

I'd argue that having so much more information contained in a cell phone has already shifted the balance of power far away from the citizen. In days past, the government would obtain telephone records and bank accounts, physically search homes and offices, interview friends and business contacts, and many other difficult and time-consuming tasks. Now all of that information and much more is trivially available with just one password. The act of producing that password doesn't provide just a single document, but a complete archive of the citizen's life and thoughts. But that's Fourth amendment, not Fifth, so I'll just nitpick over a couple of typos instead:

The last sentence on page 6 ("Producing them implies a belief that the tax documents exist because you can't hand over papers that you don't think exist.") is almost identical to the previous sentence. Intentional?

Page 10, the word "qualitied" should probably be "qualities".

Log in to Reply
1. Dilan Esper 7 years ago
  
  You are correct. And a wise constitutional scholar once argued that when a new technology shifts the balance of power too far towards the government, courts should shift it back.
  
  Log in to Reply
mse326 7 years ago

My understanding is that the government can access the information on their own but a code is needed to make the information readable. This is different than the pass code to get into a phone generally. If that is the case I don't see why it is different than compelling a person to translate papers in the house written in code (whether shorthand or maybe the person knows a cipher). And I can't imagine that is constitutional to demand.

Essentially you are saying they can be forced to translate the information because they know how to while others don't. That seems to be unconstitutional to me.

Log in to Reply
Greg_Cherryson 7 years ago

It should be completely irrelevant whether the act is "testimonial" or not. The original intent behind the 4th and 5th Amendments (their applicability to the issue of private papers and compelled decryption overlap) was an absolute protection of private papers, in the footsteps of Entick v. Carrington, further confirmed in Boyd v. United States.

The whole "testimonial act" doctrine has been developed based on a purely textual interpretation of the 5th Amendment, with the historical context and intent carefully suppressed.

Log in to Reply
1. Stephen Lathrop 7 years ago
  
  Cherryson, I agree, at least somewhat. To me, Kerr's constitutional interpretations seem all about precedent, and too little about history. Not sure that view of mine amounts to anything more than a personal preference, given that I don't think Kerr thinks of himself as an originalist, and I don't think of myself as one either.
  
  It's at least nice that Kerr worries about precedent. His commentary here seems to me a useful example to show how respect for precedent can provide meaningful constraint for legal interpretation. I just wish there were something more?something to keep precedent from marching step-by-step off toward conclusions that might look startling from an historical point of view.
  
  Log in to Reply
  1. Brett Bellmore 7 years ago
    
    Precedent plus occasional exceptions anchored to history, becomes a drunkards walk away from original meaning. Some restoring force is needed.
    
    Log in to Reply
    1. apedad 7 years ago
      
      History shows the restoring force is the liberal, progressive changes in our society.
      
      Dred Scott--overturned by amendment
      Plessy--overturned by Brown
      Pace--overturned by Loving
      Baker--overturned by Obergefell
      
      Log in to Reply
  2. Greg_Cherryson 7 years ago
    
    " I just wish there were something more?something to keep precedent from marching step-by-step off toward conclusions that might look startling from an historical point of view."
    
    IMO the original meaning of the Constitution should always trump precedent, otherwise the outcome you presented is unavoidable. Actually, this may be a great question for judicial confirmation hearings: "what is more important to you, stare decisis, or legislative original intent"?
    
    Log in to Reply
2. Noscitur a sociis 7 years ago
  
  It seems fairly silly to me to claim that the fourth and fifth amendments are designed to effect an "absolute protection of private papers", since the actual text of the amendments makes it clear that papers are protected only against "unreasonable searches and seizures".
  
  Log in to Reply
  1. Longtobefree 7 years ago
    
    So then;
    A warrant, "particularly describing the place to be searched, and the persons or things to be seized." for 'records located in a house at 123 Main St concerning a terrorist plot' would be validly specific. A warrant for 'every photograph, video, recording, document, and communication ever owned' would not be specific. Yet the second is what a password to a cell phone is.
    
    Fortunately, you can enter a character string that orders the phone to erase all data local and cloud, and later claim the stress of coercion caused you to key it wrong.
    
    Better still not to use a cell phone for criminal activity.
    
    Log in to Reply
FreedomTechie 7 years ago

If this standard is chosen, then I think we will see an increase in deniable encryption.

Consider how a prosecutor would try to make a case where a laptop is in evidence, and two passwords exist - one that reveals embarrassing but legal contents, and another that reveals some incriminating evidence. Importantly, the presence of the second password cannot be proven - the system is designed such that its behavior with the first password is indistinguishable from if there were no second password. This system can be extended to an arbitrary number of passwords.

I am happy to get in to technical details, but systems like truecrypt have implemented similar things.

I suppose a similar question would be if a defendant buried some evidence in the Sahara desert, but remembers the coordinates. How could the government possibly prove that a defendant still had knowledge of precisely where the evidence was? Unlike a locked safe with an obvious "open" or "closed" state, the shifting sands of a massive desert won't ever demonstrably reveal all they hold, or whether they hold anything at all.

I view this standard as inadequate in the face of improved technology, because it will either compel defendants to reveal evidence they don't have, or will stymie prosecutors because they will never be able to prove knowledge of a second (or third, or fourth) password.

Log in to Reply
1. Orin Kerr 7 years ago
  
  Freedom, I realize this is an important technical issue, but I'm not clear on what 5th Amendment issues it raises. Say the prosecutor says, "enter in the password." The suspect enters in the password that reveals only legal stuff on the device. The prosecutor has no idea what happened. What is the legal issue in that case?
  
  Log in to Reply
  1. Brett Bellmore 7 years ago
    
    I suppose the legal issue arises when the prosecutor, convinced beyond all doubt of the suspect's guilt, demands that the suspect "Now, enter the other password." And threatens consequences for non-cooperation.
    
    If you need the suspect's cooperation to find the evidence you're convinced exists, but they deny exists, this appears to me to be the sort of issue the protection against self-incrimination was supposed to prevent.
    
    I think the best rule here is that the suspect can't actively obstruct the search, but need not facilitate it. Because a requirement to facilitate transforms into punishment on suspicion of inadequate/bad faith facilitation.
    
    Log in to Reply
    1. FreedomTechie 7 years ago
      
      Yes, that's the scenario I'm concerned with. If this were a standard feature of widely used software, the prosecutor wouldn't be blissfully unaware of the possibility of a second password.
      
      Another critical issue is that systems can be designed around these rules - for example, the system (when used with the first password) would randomly overwrite with some low probability portions of the (possibly) second password protected storage. Even if the prosecution has very solid evidence that some data exists that isn't found on the first partition, the defendant can simply provide a fake password that fails, and argue that the data has been corrupted and is unrecoverable.
      
      I fear that judges, not being experts in applied cryptography as a general rule, are unlikely to grasp the nuance of the situation and hold a defendant with no second, third, or tenth secret password in contempt.
      
      Log in to Reply
      1. Brett Bellmore 7 years ago
        
        "Even if the prosecution has very solid evidence that some data exists that isn't found on the first partition, the defendant can simply provide a fake password that fails, and argue that the data has been corrupted and is unrecoverable."
        
        Typically the disk would first be imaged, so it could be demonstrated that parts of the disk had been altered when the code was entered, and the disk could be restored to its original status for another go at it.
        
        I believe Apple uses a two part coding system with part of the code stored on the processor, so that the undecrypted memory simply can't be imaged, short of grinding down the chip and reading it out with a STM or something similar. The data really IS gone once that hidden code on the processor is wiped, so it's a very secure system... Assuming Apple hasn't put in a back door, which I wouldn't bet against.
        
        It seems to me that if the prosecution has good enough proof that some bit of incriminating evidence exists, that you can be punished for not handing it over, that proof itself should be sufficient to convict.
        
        Log in to Reply
        
        Greg_Cherryson 7 years ago
        
        "Even if the prosecution has very solid evidence that some data exists..."
        
        Aren't we forgetting something? If the prosecution TRULY has some very solid evidence, then the argument of some "compelling government interest in decryption" becomes so thin that it cannot justify removing the 4th/5th Amendment protections (in the footsteps of Boyd, I recognize that both Amendments apply).
        
        This is the fundamental logical problem with the foregone conclusion doctrine, conveniently overlooked by those who want to allow the government to eat the cake (i.e. derive critical evidence from compelled decryption) and have it too (claim that the violation of the 4th and 5th Amendments was insignificant, because the government knew anyway).
        
        Log in to Reply
        
        FreedomTechie 7 years ago
        
        While it's true that a dedicated chip prevents using disk imaging to do repeated attempts, the scenario I was thinking of was that the secondary partition was corrupted during the ordinary use of the primary partition. So the defendant is arguing that the data was corrupted before the state obtained the drive.
        
        Log in to Reply
apedad 7 years ago

I just don't see how this is any different than law enforcement saying to a murder suspect: We know you know where the bloody knife is, so you must tell us.

We know you know the password to the incriminating data, so you must tell us.

You're ordering a suspect to participate in the investigation against themselves.

I fully understand and agree that ordering suspects to provide personal bio data (fingerprints, mouth swabs, and writing samples, name/address, etc) is legal.

Those items do not prove evidence of crime; they just provide positive identification (i.e. the fingerprint at the crime scene is the evidence, not the fingerprint taken during booking).

However, providing a password shows the suspect is actively involved in the potential criminal activity and has to be considered evidence--which must be protected under 5A.

Prof. Kerr going to answer but Supreme Court precedence....

If that's the case, then they're wrong.

Log in to Reply
1. apedad 7 years ago
  
  And to add...
  
  "The foregone conclusion doctrine teaches that when the testimonial aspect of a compelled act 'adds
  little or nothing to the sum total of the Government's information. . . '"
  
  In this case, the govt only knows the suspect knows the password--however, the govt DOES NOT KNOW THE PASSWORD.
  
  Providing the govt with the password indeed adds to their sum total of information, and therefore this must be rejected.
  
  Log in to Reply
  1. perlchpr 7 years ago
    
    'adds little or nothing to the sum total of the Government's information. . . '
    
    Providing the govt with the password indeed adds to their sum total of information, and therefore this must be rejected.
    
    Indeed, it adds to their knowledge, and not "a little".
    
    If they have an encyclopedia full of gibberish, and they force me to translate it for them into English, they've gained rather a lot of information they didn't have before.
    
    Log in to Reply
  2. Lee Moore 7 years ago
    
    I may have misundersttood, but I thought Prof Kerr was saying :
    
    1. that you don't have to tell the government your password, you just have to enter it - ie he's postulating that the government never discovers your password
    
    2. I think there's an intentional burden being laid on "the testimonial aspect of a compelled act 'adds
    little or nothing to the sum total of the Government's information. ."
    
    It isn't that the compelled act doesn't give the government lots of extra information - it does and that is not in dispute. That's the "treasure". It's that the "testimonial aspect" of the compelled act doesn't give the government extra useful information. The testimonial aspect is limited to what is communicated by the mere fact that you know the password. Which fact the government knew already (if you fall within the foregone conclusion rule.)
    
    Log in to Reply
    1. apedad 7 years ago
      
      Then I'll go back to my first sentences:
      
      I just don't see how this is any different than law enforcement saying to a murder suspect: We know you know where the bloody knife is, so go get it and bring it back to us.
      
      We know you know the password to the incriminating data, so enter it so we can have access to it.
      
      No one should have to participate in the investigation against themselves.
      
      Log in to Reply
      1. Lee Moore 7 years ago
        
        I agree with you at an "ought"level, but I was just trying to explain what i understood Prof Kerr's position to be.
        
        As to the knife, I have not seen (or if i have seen I have forgotten) Prof Kerr's analysis of why entering a password would be different. My guess is that he would doubt that in the case of the knife, the authorities could pass the foregone conclusion test.
        
        ie with a password, they may be able to demonstrate that you must have known it at ten o'clock this morning and at 2,946 other occasions in the last two weeks, and that your computer would be useless to you if you didn't know it, and so on. Whereas with the missing knife, how would they show that you knew where it was ?
        
        I have a separate objection with is the idea of making you do work to help the prosecution prosecute you. Giving a handwriting sample might only be ten seconds work, ditto entering a password.
        
        But I don't know my more important passwords, I have to compute them. That means it takes an extra thirty seconds of work to arrive at my password. If I made more complicated passwords, it could take me half an hour. At what point does the government demanding that I labor to convict myself become involuntary servitude ?
        
        Log in to Reply
Gasman 7 years ago

courts and law enforcement want to think of encryption as a lock on your front door. If they have a warrant, you are obligated to open your front door, or they will find a way in somehow while increasing your penalty.

But encryption is more like speech itself. The unreadable file is akin to you having a written document that you alone can read, whether because it is an obscure language or just really bad penmanship. Being compelled to 'decrypt' such a document would seem most definitely compelled speech against ones self.

Log in to Reply
Michael Cook 7 years ago

At my age, even a powerful government with unlimited resources could break a real sweat proving that I know anything. They could imply that I know the address to my own house, the names of my own children, and how to access my bank accounts in Switzerland and the Cayman Islands, but from there that kind of gets into the reasonable prosecutor murkiness that James Comey so lamely proffered as an apology for his political preference of whom he wished to be his new boss.

Gee, was it a mistake, or a crime, or did the silly accused just absently forget little details about cyber security and other legal responsibilities?

I spend hours anymore worrying whether I am silly or merely foolish.

No problem with John Podesta at the DNC. His password was password.

Log in to Reply
1. Rev. Arthur L. Kirkland 7 years ago
  
  No problem with John Podesta at the DNC. His password was password.
  
  How sure are you?
  
  Log in to Reply
  1. Michael Cook 7 years ago
    
    Only talk radio chatter on the password, but that is moot because it wasn't how his email was hacked. He fell for a phishing scam.
    
    Log in to Reply
    1. FreedomTechie 7 years ago
      
      That's not really a fair assessment - he received a phishing email, forwarded it to his IT person asking if it was legit, and they told him it was.
      
      Log in to Reply
Rev. Arthur L. Kirkland 7 years ago

I do not understand this issue enough to reach a reliable conclusion, but I am glad to see good debate of substantive importance. I hope to see more of it here.

Log in to Reply
1. bernard11 7 years ago
  
  It is interesting to me that, as often on these issues, there is a high degree of consensus among commenters here who usually are on very opposite sides.
  
  Log in to Reply
  1. Brett Bellmore 7 years ago
    
    It's unusual to discuss topics on which a consensus exists, so we're usually discussing contentious issues.
    
    In this case, the difference of opinion isn't left/right, it's lawyer/everyone else.
    
    Log in to Reply
    1. Dilan Esper 7 years ago
      
      I am a lawyer, and as a policy matter I think Prof. Kerr is dead wrong.
      
      But doctrine exists, and he is not at liberty to ignore it.
      
      Log in to Reply
Allutz 7 years ago

I have to echo what many other commentators are saying here, decryption is more than merely an act of foregone conclusion, it is a massive set of nonsensical 0s and 1s that otherwise the police have no use for. If, instead of hiding a bunch of gold in his basement, a bank robber hides it in 30 locations around the city, can he be compelled to reveal all 30? Can he be compelled to even reveal 1? I think no. When police have encrypted data, and they are attempting to get the suspect to unlock the phone, what they are saying is that they have NOTHING and the suspect should be compelled to make their case for them.

Log in to Reply
1. Allutz 7 years ago
  
  Adding to my gold hypo. If there is a map found in your basement that you can use to recall the locations, but the police are too stupid to read, must you now help them interpret the map? I think, again, no.
  
  Log in to Reply
  1. perlchpr 7 years ago
    
    Better analogy, I think, maybe (although I just came up with it, so, maybe it's BS.) but imagine that your "treasure map" is actually just a clear transparency with a number of dots marked on it in a couple different colors, and the only way to make it give you meaningful information is to know A.) what actual map to overlay it across, and B.) how to align the overlay to the map to mark the locations of the treasure. Can you be compelled to tell the police the missing information so they can find the locations and dig up the gold?
    
    And all this is happening, mind you, when the police don't actually know if you stole the gold or not. The only evidence they have is the transparency, and they need to "decrypt" it in order to find the gold to prove you took it!
    
    Log in to Reply
2. NonUsableBody 7 years ago
  
  I agree completely. Forcing someone to decrypt their information is morally (and should be legally) the same as forcing them to take an active part in searching their home. If you hid contraband in your foundation, the police can't compel you to show them the location, or wield the sledgehammer to get it out.
  
  Log in to Reply
David Nieporent 7 years ago

Every time this discussion comes up, people think that "No, no, typing in a password to open a locked file is totally different than typing in a password to decrypt an encrypted file" is a brilliant argument.

Log in to Reply

Please log in to post comments

The Volokh Conspiracy

New Draft Article: "Compelled Decryption and the Privilege Against Self-Incrimination"

I've blogged on these issues, and here's an article on them.

Latest

To Remain Canadian, Our Northern Neighbors Should Become a Little More American

Comic: The Bottom-Up POV of Jane Jacobs

Brickbat: From Officer to Inmate

Rise of the Samurai Lawyers

Marco Rubio Says He's Revoked 300 Student Visas Over Campus Activism

Recommended

Login Form

The Volokh Conspiracy

Latest

To Remain Canadian, Our Northern Neighbors Should Become a Little More American

Comic: The Bottom-Up POV of Jane Jacobs

Brickbat: From Officer to Inmate

Rise of the Samurai Lawyers

Marco Rubio Says He's Revoked 300 Student Visas Over Campus Activism

Recommended

Special Offer!