Encrypt your computer, get out of jail free? Not quite.

An appeals court ruled last week that in certain cases, handing over the password to an encrypted hard drive is a form of giving testimony, and is protected under the Fifth Amendment. But that doesn't mean criminals can use password protection to hide evidence -- decryption is only protected if prosecutors don't know what's on the drive.

|
Charlie Niebergall/AP
Laptop encryption has been the subject of several recent court rulings involving defendants' Fifth Amendment rights. Pictured, Drake University student Srikant Mikkilineni (who is not part of these cases) stands with his laptop in the school's law library.

It's common these days for prosecutors to use the contents of computer hard drives as evidence in cases involving financial and computer crimes. Take the copyright cases from the early 2000s, for example, when the RIAA showed that defendants had downloaded songs to their computers without paying. But last week, the US Court of Appeals for the 11th Circuit set a precedent that could make it harder for the government to prosecute based on electronic evidence in certain cases.

In a nutshell, the court ruled that decrypting the contents of a hard drive can, under certain circumstances, amount to giving testimony. Since the Fifth Amendment to the Constitution protects against self-incrimination, the court concluded, defendants can't be forced to decrypt hard drives to provide potentially incriminating evidence against themselves -- unless prosecutors can prove beforehand that they know what's on the drives. (In theory, government hackers could still attempt to gain access on their own, but well-encrypted drives can take decades to break through brute force.)

In this case, the defendant -- referred to as John Doe -- was suspected of possessing child pornography and compelled to testify before a grand jury in exchange for immunity. The prosecutors had seized encrypted hard drives belonging to Doe, and ordered him to decrypt the drives as part of his testimony. He was told, however, that his immunity did not cover the use of evidence against him. In other words, he could still have been charged based on what was on the hard drives.

Doe refused, invoking his Fifth Amendment privilege against self-incrimination, and was put in prison for eight months for contempt of court. The Circuit Court's ruling vindicates Doe's actions, reverses the lower court's decision to hold him in contempt, and confirms that it would be unlawful to force him to decrypt the hard drives.

There's an important distinction to be aware of here: in Doe's case the prosecutors didn't know what, if any, data, was stored on the seven disks. Thus, the court concluded, Doe's compliance in decrypting the drives would be akin to giving testimony against himself in court. The full verdict includes this line: "We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files."

Things would be different if the prosecutors knew for sure what information on the drives and whether it was authentic. In that case, decrypting the files would be the equivalent of handing over a key to a safe, which is not covered by the Fifth Amendment. An example of the latter case occurred just a few days earlier in US v. Fricosu, when a judge ordered the defendant in a bank fraud case to decrypt her laptop computer so that prosecutors could use its contents as evidence against her.

It's important to note that the outcome of the Doe case doesn't mean that criminals can escape prosecution in all cases just by encrypting digital evidence. If prosecutors can show that they have an idea of what's on a drive, as they did in the Fricosu case, a court can still demand that the drive be unlocked and the contents used as evidence. But in murkier circumstances, defendants can't be required to incriminate themselves by decrypting a drive.

For more tech news, follow us on Twitter @venturenaut. And don’t forget to sign up for the weekly BizTech newsletter.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Encrypt your computer, get out of jail free? Not quite.
Read this article in
https://www.csmonitor.com/Technology/Horizons/2012/0227/Encrypt-your-computer-get-out-of-jail-free-Not-quite
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe