Feeds

Child abuse suspect won't be forced to decrypt hard drive

US appeals court rules it would violate his 5th Amendment rights

Beginner's guide to SSL certificates

A federal appeals court has ruled it improper to compel a child pornography suspect to decrypt his hard drive because such an act would violate his Fifth Amendment rights.

The ruling (PDF) by the Atlanta-based US 11th Circuit Court of Appeals in the case of an unnamed suspect from Florida (known in court papers as "John Doe") goes against US legal thinking in previous cases where courts held a person ought to be obliged to turn over encryption codes or passwords in a criminal investigation.

The appeals court ruled that: "[the] Fifth Amendment protects [the man’s] refusal to decrypt and produce the contents of the media devices", the Wall Street Journal reports.

The US Fifth Amendment holds that no one "shall be compelled in any criminal case to be a witness against himself". But this protection against self-incrimination only goes so far.

Supreme Court rulings have previously found that a subject can be compelled to turn over a key to a safe containing potentially incriminating evidence, but is not obliged to supply the combination to a safe to investigators. US law is less clear on how this applies to encrypted files on computers (which might be considered akin to digital safes).

The US 11th Circuit Court of Appeals ruling goes against two district court cases on whether the government can compel subjects of investigation to turn over either the passphrase or a plain text version of the data held on an encrypted drive.

Courts in Colorado and Vermont have previously held that the government can order suspects to turn over encryption passphrases, in certain circumstances.

In the case heard by the 11th Circuit Court of Appeals, the suspect allegedly refused to supply the passphrases for five of his laptop hard drives and five external hard drives. His hard drives had been seized by police at the time of his arrest in a hotel room in October 2010, and encrypted using TrueCrypt, the court documents said.

The suspect refused to supply the passphrase in time for his appearance before a federal grand jury in Florida last April, the WSJ reported, and continued to refuse to do so in response to a later court order requiring him to decrypt the hard drives. A federal judge held the suspect in contempt of court but the appeal court overturned this ruling.

“We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files,” wrote Judge Gerald Bard Tjoflat, one of the three judges hearing the appeal, in the ruling (PDF).

The ruling continued: “It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.”

The Vermont case, which came before the courts in 2009, also involved child pornography but authorities in that case said they already had evidence that the suspect's drive contained child abuse material before they requested the courts to order the suspect to supply the passphrase for an encrypted portion of the disk.

In the Florida case, all the drives are fully encrypted and the police have no certain knowledge of what they contain.

In January, a federal judge in Colorado ordered a woman charged with fraud to hand over decryption keys to her computer. A regional appeals court rejected her appeal, and she was ordered to decrypt the information last week.

The Electronic Frontier Foundation filed representations on behalf on the defence in both the Florida and Colorado cases.

In a statement, the EFF welcomed the ruling in the Florida case. "The government's attempt to force this man to decrypt his data put him in the Catch-22 the 5th Amendment was designed to prevent – having to choose between self-incrimination or risking contempt of court," said EFF senior staff attorney Marcia Hofmann. "We're pleased the appeals court recognised the important constitutional issues at stake here, and we hope this ruling will discourage the government from using abusive grand jury subpoenas to try to expose data people choose to protect with encryption." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.