Feeds

US court test for rights not to hand over crypto keys

EFF pushing for digital Fifth Amendment

The Power of One Infographic

Civil liberties activists have lent their support to a case that will test whether a US citizen can refuse to decrypt personal data on the grounds that it might be self-incriminatory.

The case involves allegedly fraudulent real estate transactions. The government wants a Colorado court to compel Ramona Fricosu, who is accused of a mortgage scam, into either turning over the passphrase or providing a plain text version of the data held on an encrypted laptop. However, such an order would be in breach of Fifth Amendment protection against self incrimination, according to papers filed by the Electric Frontier Foundation (EFF) in support of Fricosu.

Lawyers for the digital civil liberties organisation argue that the prosecution's demand that Fricosu turn over the passphrase/plain text version is contrary to the Constitution, because it effectively forces Fricosu to become a witness against herself.

"Decrypting the data on the laptop can be, in and of itself, a testimonial act – revealing control over a computer and the files on it," said EFF Senior Staff Attorney Marcia Hofmann, in a statement. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

Although prosecutors have made some concessions, they have failed to provide assurances that any data found on the computer won't be used as evidence against Fricosu. Lawyers for the EFF argued in an amicus brief (16-page/146KB PDF) in defence of Fricosu that the request would expose a potential treasure trove of personal data.

"Our computers now hold years of email with family and friends, internet browsing histories, financial and medical information, and the ability to access our online services like Facebook," said EFF Staff Attorney Hanni Fakhoury. "People are right to use passwords and encryption to safeguard this data, and they deserve the law's full protection against the use of it against them.

"This could be a very important case in applying Americans' Fifth Amendment rights in the digital age," she added.

Supreme Court rulings have previously decided that a subject can be compelled to turn over a key in their possession that unlocks a safe containing potentially incriminating evidence, but not the combination to a safe in much the same scenario.

We've asked the EFF whether or not the outcome of the case will have an effect on laptop border searches and the like, and will update this story as and when we hear more.

In the UK, the Regulation of Investigatory Powers Act gives police the powers to force suspects to decrypt files or hand over pass-phrases. Non-compliance is an offence all on its own, punishable on conviction by a two-year jail sentence – or a maximum of five years in cases where national security is involved.

Investigations into suspected possession of child abuse images and related offences is the "main reason" such section 49 notices have been served, but the power has been applied in a range of cases including counter-terrorism, insider dealing, theft and even aggravated burglary. Ministers argued in Parliament that the powers were needed to investigate terrorism and other serious crime.

However, as first reported in The Register back in 2009, the first person jailed for failing to hand over encryption keys to authorities was a schizophrenic software developer initially charged with explosives offences that were later dropped during a police inquiry. ®

Boost IT visibility and business value

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.