Feeds

US court test for rights not to hand over crypto keys

EFF pushing for digital Fifth Amendment

Security for virtualized datacentres

Civil liberties activists have lent their support to a case that will test whether a US citizen can refuse to decrypt personal data on the grounds that it might be self-incriminatory.

The case involves allegedly fraudulent real estate transactions. The government wants a Colorado court to compel Ramona Fricosu, who is accused of a mortgage scam, into either turning over the passphrase or providing a plain text version of the data held on an encrypted laptop. However, such an order would be in breach of Fifth Amendment protection against self incrimination, according to papers filed by the Electric Frontier Foundation (EFF) in support of Fricosu.

Lawyers for the digital civil liberties organisation argue that the prosecution's demand that Fricosu turn over the passphrase/plain text version is contrary to the Constitution, because it effectively forces Fricosu to become a witness against herself.

"Decrypting the data on the laptop can be, in and of itself, a testimonial act – revealing control over a computer and the files on it," said EFF Senior Staff Attorney Marcia Hofmann, in a statement. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

Although prosecutors have made some concessions, they have failed to provide assurances that any data found on the computer won't be used as evidence against Fricosu. Lawyers for the EFF argued in an amicus brief (16-page/146KB PDF) in defence of Fricosu that the request would expose a potential treasure trove of personal data.

"Our computers now hold years of email with family and friends, internet browsing histories, financial and medical information, and the ability to access our online services like Facebook," said EFF Staff Attorney Hanni Fakhoury. "People are right to use passwords and encryption to safeguard this data, and they deserve the law's full protection against the use of it against them.

"This could be a very important case in applying Americans' Fifth Amendment rights in the digital age," she added.

Supreme Court rulings have previously decided that a subject can be compelled to turn over a key in their possession that unlocks a safe containing potentially incriminating evidence, but not the combination to a safe in much the same scenario.

We've asked the EFF whether or not the outcome of the case will have an effect on laptop border searches and the like, and will update this story as and when we hear more.

In the UK, the Regulation of Investigatory Powers Act gives police the powers to force suspects to decrypt files or hand over pass-phrases. Non-compliance is an offence all on its own, punishable on conviction by a two-year jail sentence – or a maximum of five years in cases where national security is involved.

Investigations into suspected possession of child abuse images and related offences is the "main reason" such section 49 notices have been served, but the power has been applied in a range of cases including counter-terrorism, insider dealing, theft and even aggravated burglary. Ministers argued in Parliament that the powers were needed to investigate terrorism and other serious crime.

However, as first reported in The Register back in 2009, the first person jailed for failing to hand over encryption keys to authorities was a schizophrenic software developer initially charged with explosives offences that were later dropped during a police inquiry. ®

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.