Amicus Brief on Burdens of Proof for Compelled Decryption

The burden of proof matters, and it's an issue of first impression in appellate courts.


I recently posted a draft article on the Fifth Amendment and compelled entering of passwords: Compelled Decryption and the Privilege Against Self-Incrimination. My article flagged but did not answer a closely-related question: What is the burden of proof to show a foregone conclusion when the government compels entering a password?

Coincidentally, the Massachusetts Supreme Judicial Court happened to invite amicus briefs on this issue in a pending case shortly after I posted my draft. It's a question of first impression among state supreme courts and federal circuit courts, and it relates closely to the underlying Fifth Amendment standard. In for a penny, in for a pound, I say. So today I submitted an amicus brief on the proper burden of proof in compelled decryption cases.

You can read my brief here: Amicus Brief of Professor Orin Kerr on Standards for Compelled Decryption Under the Fifth Amendment. It argues that the government's burden should be to prove by clear and convincing evidence, based on a totality of the circumstances, that the subject of the order knows the password.

Special thanks to Andy Levchuk and Lauren Ostberg, who answered the Twitter call to help me prep and file the brief pro bono.


  1. I doubt this: “An example helps show the point. Imagine that the Commonwealth has probable cause to believe that a suspect’s locked phone contains evidence of his robbing a jewelry store. …Whether the suspect knows the password to a phone has no direct bearing on whether the evidence found on the phone establishes the suspect’s guilt. For example, say the phone contains photographs of the suspect with the robbery proceeds. Although the photographs would be highly incriminating, their incriminating nature derives from the photographs themselves rather than the suspect’s knowledge of the password that was used to access them.”

    A reasonable person will conclude if you know the password, you know the contents. How did those photos get on the phone if the owner did not put them there? Forcing a defendant to aid in the production of incriminating evidence from their phone seems like a direct fifth amendment violation.

    The “foregone conclusion” doctrine should not relate to the password itself, but the potentially incriminating evidence on the phone.

    1. Thanks for the comment. My article linked to above explains why I disagree with you.

    2. “The “foregone conclusion” doctrine should not relate to the password itself, but the potentially incriminating evidence on the phone.”

      Applying the foregone conclusion doctrine to the password is, IMO, an attempt to go around the absurdity inherent to applying it to evidence. Here is the nature of that absurdity:

      If the conclusion is indeed “foregone” (i.e. the government can prove possessing relevant knowledge about the existence, location and nature of the evidence), then why not just present this knowledge as evidence. If, on the other hand, the government genuinely needs to access the private papers to obtain evidence, there is no “foregone conclusion”, because the government obviously does not need to possess the subject knowledge.

      1. Correction:

        If, on the other hand, the government genuinely needs to access the private papers to obtain evidence, there is no “foregone conclusion”, because the government obviously does not possess the subject knowledge.

        1. Yes, I agree that the “foregone conclusion” could beg the question (“why not just present this knowledge as evidence”). I hold open the possibility that the .gov has a copy (say of an image from someone else’s phone) and maybe they want the original. I would see circumstances as extremely limited.

          Also, I agree that what is on your phone these days is tantamount to personal papers, handing them over is the equivalent of handing over personal papers (ala Boyd, which you quote below).

          One might call this “equilibrium adjustment” theory of the fourth amendment: Put electronic records on par with personal records 200 years ago.

  2. The big problem with this topic is that the entire idea

    that compelled decryption should be based on the government having reason to believe that the defendant knows the password

    depends on understanding of WHY the 5th Amendment says that a person may not be “compelled in any criminal case to be a witness against himself”. And nobody has yet provided a simple, clear answer to this. Everything seems to rely on Supreme Court precedence, which itself has never provided a simple, clear answer to this WHY question.

    My half-baked analysis follows.

    I think the founding fathers simply found the idea of forcing a defendant to assist in his own prosecution intuitively unfair; they wanted the prosecution to do all the work.

    Since forensic sciences had not yet been invented, their way of banning this type of use of force was to say that no witness could be compelled to testify against himself. Had they known about blood alcohol, fingerprints, DNA evidence, encryption keys, etc., quite likely they would have banned the use of force against the defendant to obtain ANY of these.

    1. “Encryption” or codes certainly did exist in 1791. Some codes Jefferson made reportedly were not broken for 100 years.

      But to your point, getting someone’s personal effects in 1791 was considerably more difficult. To have a private conversation was easy- there were no tape recorders, bugs, or electronic records of any sort. You had to ride your horse quite a ways and haul the papers off.

      The issue of whether someone could be compelled to give up the combination to a safe has only been debated in some Supreme Court footnotes. A combination though is not a password. A password conveys important information itself- it could be your birthday, your dog’s name, or some other phrase. Maybe it’s “ILikeBeer”. The fact that some files on your phone are password protected and not others could in fact be testimony and used to prove you “own” them. Handing over your password these days is in fact handing over your personal effects and does significantly more than merely prove ownership.

      1. While codes did exist in 1791, I am aware of no cases where codes were relevant to courts or attempts to gather evidence. In particular, I have never heard of any cases where a Founder-era court (or even a prosecutor) attempted to compel someone to decode their own papers. If such a case did exist, it would strengthen Prof Kerr’s case and weaken Iation’s quite a bit. Absent such a case, however, I think that Iation has the better arguments.

        1. “In particular, I have never heard of any cases where a Founder-era court (or even a prosecutor) attempted to compel someone to decode their own papers. ”

          It wasn’t necessary. Private papers were out of limits for the government, encrypted or not.

          1. I don’t think that’s true. Private papers could be seized if the police got a warrant, no?

            1. Precisely, no. Boyd v. United States. And Boyd wasn’t an outlier.

              I think the water has reached such a temperature that the present generation of frogs consider it ludicrous when somebody is claiming that it used to be 70 degrees.

            2. Boyd:

              “The seizure or compulsory production of a man’s private papers to be used in evidence against him is equivalent to compelling him to be a witness against himself, and, in a prosecution for a crime, penalty or forfeiture, is equally within the prohibition of the Fifth Amendment.

              Both amendments relate to the personal security of the citizen. They nearly run into, and mutually throw light upon, each other. When the thing forbidden in the Fifth Amendment, namely, compelling a man to be a witness against himself, is the object of a search and seizure of his private papers, it is an “unreasonable search and seizure” within the Fourth Amendment. “

              1. Interesting. Thank you. I’m going to have to rethink this. Is Boyd still good precedent? How does the Court square that with their precedents that you can be compelled to turn over the key to a safe, etc?

                1. It is still a precedent. Whether it is good or not depends on the way one understands and interprets the Constitution.

                  The proponents of the “living Constitution” doctrine (a.k.a. loose constitutionalism) will claim newer precedents, consistent with “requirements of modern governing”, invalidate Boyd.

                  Originalists, however, will note that Boyd, decided a century after the Bill of Rights was written, represents the same, lasting principles that were embodied in the Bill. The Bill itself is rooted in English case law, principally Entick v. Carrington. Boyd, therefore, should be considered a solid, still valid precedent and I definitely share this view.

      2. A bank-grade safe will have two ratings: the hours required to crack it quietly, and the minutes required to crack it noisily (with explosives). Police with a search warrant will be noisy. So the issue of whether someone could be compelled to give up the combination to a safe is a moot point because with a physical safe, it will always be faster and easier to crack the safe than to go to court to prove the owner knows the combination and get approval for coercion.

        However, in theory an electronic file could be safe from decryption until practical quantum computing with a high number of bits is invented, or the heat death of the universe, whichever comes first.

  3. If the government has a search warrant to search my house for proceeds of a burglary and I have a safe, can the government compel me to open the safe? If so, why is it different for unlocking a phone? I believe that should be the analogy.

    1. There aren’t cases on how the foregone conclusion doctrine would apply in those circumstances: I think courts confronting that would reason by analogy and apply the cases involving unlocking a phone.

      1. So they will get that wrong too, even if they would have come down exactly the opposite if they had considered the safe situation first in the absence of the precedent created by the cell phone cases?

      2. I believe you are correct, unlocking safes is analogous to unlocking phones. Encryption of files is analogous to codes/ciphers. The gov’t should prove that they can decrypt the files in order to force the decryption by a defendant.

    2. “can the government compel me to open the safe? If so, why is it different for unlocking a phone?”

      It is different, because while a safe contains material objects, “private papers” are an extension of a person’s mind.

  4. What is the procedural posture of someone seeking to challenge their continued jailing for contempt for failing to enter a password they were compelled to produce? Can they file a new motion or habeas position each and every day claiming they are *now* being unlawfully jailed because they no longer remember the password and are thus no longer disobeying the court’s order?

    If not what determines the period of time before they can seek review again? I mean surely it can’t be that once an appellate court determines that at day 5 there was sufficient evidence to hold them in contempt it gives the trial judge unreviewable power to keep them in jail forever if they do forget it. Or can it?

  5. The founding fathers would have loved this kind of stuff. The Tyrant King George would have outlawed it, and tortured to get the passwords. As a result, the Founding Fathers would have enshrined it.

    It’s all about not giving the government the tools that may release the kraken, and not about protecting criminals…or the innocent.

    He’s on the wrong side of this issue. See also warrantless metadata used to flesh out connection networks, also an abuse vector that probably would have stopped the Revolution cold. Had it succeeded anyway, it would have required a warrant.

    Never give in. Stop the tools of tyranny from forming.

    1. We have idiots in our government whining why they need to forbid encryption, with crime sob stories. Meanwhile billions are laboring under a growing panopticon and everything you do being monitored by dictator lackeys to preserve those in power against challengers.

      I’m glad our officials are ready to sacrifice the freedom of billions in dictatorships so they can put a few caught crook notches on their belts.


  6. Isn’t concealment of evidence (spoliation of evidence) a crime?

    So entering a password in order to conceal evidence of a crime (e.g. selfies during a robbery, child porn, etc.), must be considered spoliation of evidence–the person knowingly and actively is attempting to hide evidence.

    If this is true, then IN ACCORDANCE WITH THE 5TH AMENDMENT, a suspect has the right to not provide anything concerning the password, encryption, etc.

    1. Unless you are deliberately encrypting the evidence with a random password that you don’t look at or write down, the answer is no because the evidence has not been destroyed. Nor has it even been hidden from those with a proper authority to view it. The point of this entire debate is that the police’s authority to view that information has not yet been clearly established.

      Note, however, that if your reasoning were correct and that any attempt to conceal evidence of a crime is an additional crime, then absolutely every crime would be subject to additional spoliation charges because you:
      – threw the purse into a dumpster after taking the cash
      – wiped your fingerprints from the hotel doorknob
      – put your receipts back in your own file drawer after submitting a false tax return
      – threw back a fish that was too small
      – slowed down when you saw the cop with the radar gun at the side of the road
      Even merely leaving the scene of the crime would become an additional crime under your reasoning. That argument produces ludicrous results.

      1. “That argument produces ludicrous results.” That doesn’t mean that prosecutors won’t use it, nor that ex-prosecutors who have become biased judges won’t accept it.

  7. I just want to remind that this country’s understanding of “private papers” was founded on jurisprudence expressed in Entick v. Carrington, and 100 years later reaffirmed in Boyd v. United States.

    I stick with that original intent and reject later statolatric legal manipulations, together with the whole “foregone conclusion” absurdity.

    1. If there is a clash and we cannot avoid throwing something under the bus, what should we throw: (A) The Constitution and its original intent, reaffirmed in a precedent by the Supreme Court a century later, or (B) Recent precedents, clearly incompatible with the original intent?

      It’s a matter of personal choice. I am firmly in favor of option B., therefore my interest in keeping the foregone conclusion doctrine on life support and developing further sophistry to this end is precisely zero.

  8. A rational rule requires a time element. The more time that passes (especially in jail), then the more credible “I forgot.” becomes. Given a reasonably difficult password, we would all forget it if enough time passes.

    I’m old. If I didn’t use my computer daily, I would forget my master password in a few weeks.

  9. I think the solution is simple. Have an app on the phone/computer that requires 1 of 2 password options to open a device. The first opens the device normally, and the second performs a semi-wipe of the device, removing all non OS files (the encrypted files are just cast off as orphan files – still encrypted, but unattached). 10 failed password attempts, and the second option kicks in automatically. Add in a third password option that tells the user that they have failed 9 times, and that the next time failed will perform complete reset. The first time you are asked to open the phone, agree and simply use the second password. Jeez, do I have to be creative for EVERYBODY…

    1. I would not remember the second password, since I would not use it for years.
