Feeds

US court test for rights not to hand over crypto keys

EFF pushing for digital Fifth Amendment

High performance access to file storage

Civil liberties activists have lent their support to a case that will test whether a US citizen can refuse to decrypt personal data on the grounds that it might be self-incriminatory.

The case involves allegedly fraudulent real estate transactions. The government wants a Colorado court to compel Ramona Fricosu, who is accused of a mortgage scam, into either turning over the passphrase or providing a plain text version of the data held on an encrypted laptop. However, such an order would be in breach of Fifth Amendment protection against self incrimination, according to papers filed by the Electric Frontier Foundation (EFF) in support of Fricosu.

Lawyers for the digital civil liberties organisation argue that the prosecution's demand that Fricosu turn over the passphrase/plain text version is contrary to the Constitution, because it effectively forces Fricosu to become a witness against herself.

"Decrypting the data on the laptop can be, in and of itself, a testimonial act – revealing control over a computer and the files on it," said EFF Senior Staff Attorney Marcia Hofmann, in a statement. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

Although prosecutors have made some concessions, they have failed to provide assurances that any data found on the computer won't be used as evidence against Fricosu. Lawyers for the EFF argued in an amicus brief (16-page/146KB PDF) in defence of Fricosu that the request would expose a potential treasure trove of personal data.

"Our computers now hold years of email with family and friends, internet browsing histories, financial and medical information, and the ability to access our online services like Facebook," said EFF Staff Attorney Hanni Fakhoury. "People are right to use passwords and encryption to safeguard this data, and they deserve the law's full protection against the use of it against them.

"This could be a very important case in applying Americans' Fifth Amendment rights in the digital age," she added.

Supreme Court rulings have previously decided that a subject can be compelled to turn over a key in their possession that unlocks a safe containing potentially incriminating evidence, but not the combination to a safe in much the same scenario.

We've asked the EFF whether or not the outcome of the case will have an effect on laptop border searches and the like, and will update this story as and when we hear more.

In the UK, the Regulation of Investigatory Powers Act gives police the powers to force suspects to decrypt files or hand over pass-phrases. Non-compliance is an offence all on its own, punishable on conviction by a two-year jail sentence – or a maximum of five years in cases where national security is involved.

Investigations into suspected possession of child abuse images and related offences is the "main reason" such section 49 notices have been served, but the power has been applied in a range of cases including counter-terrorism, insider dealing, theft and even aggravated burglary. Ministers argued in Parliament that the powers were needed to investigate terrorism and other serious crime.

However, as first reported in The Register back in 2009, the first person jailed for failing to hand over encryption keys to authorities was a schizophrenic software developer initially charged with explosives offences that were later dropped during a police inquiry. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.