Thursday, October 14, 2010

Can the Government Force You To Provide Your Password?

Earlier I promised a post on whether the Fifth Amendment protects a person from disclosing a password or encryption key to the government.

The Fifth Amendment privilege against self-incrimination protects a person from being compelled to provide a testimonial communication that is incriminating in nature. Even acts that involve an implicit statement of fact, such as admitting that evidence exists, is authentic, or is within a suspect's control are included within the privilege. In contrast, providing fingerprints and blood samples, for example, are not covered by the privilege because they are physical evidence and not an admission .

There is no question that providing a password or an encryption key implicitly communicates that the person with the password or key has access to or possession of electronic files. However, in many cases this evidence is unnecessary. For example, if the police seize (legally) my iPhone from my pocket after they see me texting while driving, the fact that I owned the iPhone can be proven without having to show that I also know the password.

There are a couple of cases on this. In In re: GRAND JURY SUBPOENA TO SEBASTIEN BOUCHER, 2009 U.S. Dist. LEXIS 13006, a defendant faced child pornography charges. The government obtained a warrant to search the defendant's laptop (which had been seized at a border crossing), but could not examine the contents without the defendant's password. The defendant refused a grand jury subpoena to supply the password.

The Court (D. Vermont) held that the suspect had to provide a password because no Fifth Amendment confession was possible "Where the existence and location of the documents are known to the government." In other words, the defendant could be compelled to provide the password because the act of providing the password would not be evidence of possession, control, or authenticity of the electronic files.

In a similar case, UNITED STATES OF AMERICA, v. ABRAHAM PEARSON, 2006 U.S. Dist. LEXIS 32982, a Northern New York District Court considered an FOB request to compel a defendant to provide a password to access to encrypted folder and drives. The FBI told that court that it believed the files contained child pornography. The government argued that providing the password is not incriminating, and therefore, the Defendant has no Fifth Amendment privilege. Like the Boucher court, this court also held that "where the existence, ownership, control, or authenticity of the document (or thing) is a "forgone gone" conclusion," no Fifth Amendment privilege applies. This case does raise the possibility that the password was intended to protect attorney –client communications, which complicates the matter.

The password question, I believe, raises similar issues as cell phones and GPS tracking, and could present another situation where differences in degree become differences in kind. As people store documents in the Cloud, and encrypt e-mails, the possession of a key or password is more likely to show ownership or access to records or websites or communications. This starts to look very different from providing a key to a safe or fingerprints. I look forward to more decisions on this issue.

1 comment:

  1. I have to say you bring up some fascinating legal questions and this one is pretty frightening. As far as I know, when police seize something like a safe, they will break it open without bothering with a key or combination. So what happens if the defendant steadfastly refuses to provide the encryption key? Will the the courts give a green light to allow police to "break in" to someone's mind? As in "truth serum" or even torture?