Fifth-Amendment-Password As a privacy advocate, Darren Chaker found forcing to disclose a password to bypass encryption often violates the Fifth Amendment, since compelling the Defendant to furnish his password would be testimonial, and thus would violate his rights against self-incrimination. There are several counter-forensic methods to protecting information, which the government, corporations, and private people use legitimately. With the evolution of technology, the availability to secure information with military grade encryption often forces police to force a suspect to provide a password.
Under the Fifth Amendment, compelled communications that are testimonial and potentially incriminating are precluded by the privilege against self-incrimination. Schmerber v. California, 384 U.S. 757, 761 (1966). When police seek to compel a communication from a suspect in the form of a password, the nature of this compelled action would, independently, violate the Fifth Amendment since compelled communication that furnishes evidence is a violation of the constitution. Further, the act of furnishing a password would be testimonial in nature in violation of the Fifth Amendment, since it would serve to provide evidence of ownership and control of a particular computer seized by the police and could certainly imply knowledge and control of their contents. Encryption technology not only prohibits entry into a computer’s file structure but also provides distractions to mask the nature of the computer as encrypted, such as the appearance of an unlocked and operating computer.
Depictions of a particular computer’s screen does not necessarily create an inference of the Defendant’s ownership, control and use of the machine, because such images may be “prepared information” and not necessarily the computer’s desktop. It is common to ask the Defendant if the computer is his, if it is shared, or if he has exclusive use and control over it to denote dominion and control over its contents. Such questions are to incriminate the Defendant and discard any potential defense that he did not, for example, download illegal files, hack a bank account, or do some other nefarious act.
In several cases, the prosecutor would seek to compel the Defendant to unlock all encrypted devices found on the seized computer. A presumption it is the Defendant who would admits to having the only password to his computer is common. Compelling the Defendant to unlock whichever computer is “his,” as would require the Defendant to select the particular computer to which he was referring and decrypt the files. To a more sophisticated Defendant, there is no evidence that he holds the passwords to the encrypted partition or hard drive – just that he has knowledge of their encrypted status. In a situation where multiple electronic devices are seized, the act of selecting a specific device of selecting the particular computer requires the use of the Defendant’s knowledge and thought process. Such a compelled extraction goes beyond a mere collection of physical evidence, such as fingerprints, DNA, or even handwriting exemplars. He would be forced to turn over his knowledge to be used against himself at trial. It is the physical expression of his knowledge that makes it constitutionally protected. As such, it is testimonial in nature. “An act is testimonial when the accused is forced to reveal his knowledge of facts relating him to the offense or from having to share his thoughts and beliefs with the government.” United States v. Kirschner, 823 F.Supp.2d 665 (E.D. Mich. 2010) (quoting Doe v. United States, 487 U.S. 201, 212 (1987)). Forcing a Defendant to reveal the passwords to the seized computers would communicate “that factual assertion to the government, and thus, is testimonial – it requires Defendant to communicate ‘knowledge, unlike the production of a handwriting sample or a voice exemplar. Id. at 669.
The Defendant has a right to refuse this request under the Fifth Amendment since it is the Defendant’s knowledge which is being tapped by the government. The federal appeals court for the Eleventh Circuit has recently addressed the same issue in United States v. Doe, Nos. 11-12268 & 11-15421, 2012 U.S. App. LEXIS 3894 (11th Cir. Feb. 23, 2012), where the court held that a suspect can refuse to provide the password required to decrypt a hard drive on Fifth Amendment grounds. In that case, the defendant was suspected of child pornography and his encrypted computers and hard drives were seized from his hotel room by the government, who then subpoenaed him to furnish the password to decrypt them. Id. at 6-7. The Eleventh Circuit found that the decryption and production of the contents of these computers and hard drives would have been the equivalent of self-incriminating testimony, even if the files themselves were not testimonial. Id. at 11. The court stated that “an act of production can be testimonial when that act conveys some explicit or implicit statement of fact that certain materials exist, are in the subpoenaed individual’s possession or control, or are authentic.” Id. at 20. The court added that “the touchstone of whether an act of production is testimonial is whether the government compels the *16 individual to use ‘the contents of his own mind’ to explicitly or implicitly communicate some statement of fact.” Id. at 20 (quoting Curcio v. United States, 354 U.S. 118 (1957)).
The Doe opinion acknowledged two exceptions: (1) when the government compelled a physical act that does not require an individual to “make use of the contents of his or her mind” and (2) under the foregone conclusion doctrine, if the government can show with “reasonable particularity” that, at the time it sought *17 to compel the act of production, it already knows of the materials, thereby making any testimonial aspect a “forgone conclusion.” Id. at 21. In Doe, the government could establish neither exception.
Under the first exception in Doe, the court ruled “that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the drives.” Id. at 22.
Under the second exception in Doe, the foregone conclusion doctrine, the court found that the government did not have any evidence that any incriminating evidence or files existed on the hard drive or even know whether the defendant had access to the encrypted parts of the drives. Id. at 23. The court distinguished United States v. Fricosu, No. 10-CR-00509 (D. Colo. Jan. 23, 2012), where the government knew that the defendant had specific encrypted contents on his computer from conversations recorded with her ex-husband and alleged co-conspirator, and thus had independent knowledge of the contents, location, or existence of the sought-after documents. Doe at 28.
Similarly, in United States v. Hubbell, 530 U.S. 27, 44-45 (2000), the Court held that Hubbell’s act of production was sufficiently testimonial to trigger Fifth Amendment protection since his knowledge of the implicit testimonial facts associated with his act of production was not a foregone conclusion. In doing so, the Court distinguished Fisher v. United States, 425 U.S. 391 (1976), in which the production of tax records was a foregone conclusion since the government could have obtained the records from a legitimate source wholly independent of the compelled testimony. Specifically, in Fisher the government already knew the documents were in the attorneys’ possession and could independently confirm their existence and authenticity through the accountants who created them. Hubbell, 530 U.S. at 44-45.
Further, Darren Chaker notes in Hubbell, by contrast, the government could not show that it had prior knowledge of either the existence or the whereabouts of the documents ultimately produced by the respondent, nor could the government cure this deficiency through the overbroad argument that a businessman will always process general business and tax records that fall within the broad categories of a subpoena. Id. Thus, in Fisher the act of production was not testimonial because the government had knowledge of each fact that had the potential of being testimonial, whereas in Hubbell there was testimony in the production of the documents since the government had no knowledge of the existence of documents, other than a suspicion that documents likely existed and, if they did exist, that they would fall within the broad categories requested. Id.
Alternative methods of obtaining a password (aka passphrase) would be to implant a keylogger on the computer to record each stroke on the keyboard when the computer is booted, or encrypted partition accessed. Other posts Darren Chaker will focus on counter-measures to such methods, including how to conduct a threat assessment as well as proper policies to prevent access, be it physical or electronic, to the target computer. The methods are the same or similar to those taught by other security professionals intended to prevent industrial espionage. However, in this day in age, being security conscious should extend to not only the corporate executive, local tax preparer, but down to the little league coach who has a roster of his players’ names, addresses, and birth dates. All information is fair game unless precautions are taken.