
Court rules that people can't be locked up indefinitely for refusing to decrypt

451 points | danso | 6 years ago | techdirt.com | reply

173 comments

[+] ereyes01|6 years ago|reply
> The Fifth Amendment gives witnesses a right not to testify against themselves. Rawls argued that producing a password for the hard drives would amount to an admission that he owned the hard drives. But the 3rd Circuit rejected that argument. It held that the government already had ample evidence that Rawls owned the hard drives and knew the passwords required to decrypt them. So ordering Rawls to decrypt the drives wouldn't give the government any information it didn't already have. Of course, the contents of the hard drive might incriminate Rawls, but the contents of the hard drive are not considered testimony for Fifth Amendment purposes.

It sounds like this ruling is more against indefinite detention than a ruling that allows you to invoke the 5th before handing over your passwords. The quoted text above [1] tells me that the courts have thus far not recognized any right to keep your data encrypted against the wishes of law enforcement. Maybe it means they can only lock you up for 18 months, but I don't see how this changes things appreciably. I guess if the crime you're accused of carries a sentence worse than 18 months, it might be worthwhile, but who knows...

[1] https://arstechnica.com/tech-policy/2020/02/man-who-refused-...

[+] thaumasiotes|6 years ago|reply
> Rawls argued that producing a password for the hard drives would amount to an admission that he owned the hard drives. But the 3rd Circuit rejected that argument. It held that the government already had ample evidence that Rawls owned the hard drives and knew the passwords required to decrypt them. So ordering Rawls to decrypt the drives wouldn't give the government any information it didn't already have. Of course, the contents of the hard drive might incriminate Rawls, but the contents of the hard drive are not considered testimony for Fifth Amendment purposes.

This would seem to imply that if the government has ample evidence that you murdered someone, they can require you to admit to it in court.

[+] acchow|6 years ago|reply
It's complicated - the guy claimed he forgot his password. So what does the law do at that point?
[+] asdfasgasdgasdg|6 years ago|reply
Also worth noting that the court appears to only be saying that he can't be locked up because the government likely doesn't need the evidence to convict him. That is the stipulation under which he is getting out of jail for contempt. If the government did actually need to compel that evidence to make their case, they would be able to hold him indefinitely. Or else at least this ruling doesn't say otherwise.
[+] 14|6 years ago|reply
I guess if the crime you're accused of carries a sentence worse than 18 months, it might be worthwhile, but who knows...

But in the US a criminal record can haunt you for decades. At job applications or housing applications. Elections. And many other bad things that haunt people for a long time. 18 months is horrible too but better than a criminal record haunting you.

[+] ramblerman|6 years ago|reply
Are there no legal precedents for this? I mean the non-digital equivalent must have occurred already. Somebody has some secret books, and/or information. And buries them in the desert.

Were they required to reveal the location?

[+] fredgrott|6 years ago|reply
But it's private speech or so it can be argued that way and that is in fact protected by the US Constitution as we can say stuff in private that we may not be allowed in public spaces public speech.
[+] 1000units|6 years ago|reply
My most important passphrases are very complicated, and I lose the ability to reproduce them from muscle memory (the only place they exist) after a few days of non-use. How can you prove passphrases are remembered?
[+] nwallin|6 years ago|reply
The idea of being locked up for not handing over a password terrifies me.

I was deployed a few years ago and living in the conexes. I was bored and decided to go all out on encrypting everything. I picked a completely random 16 character password (I piped the output from /dev/urandom through some tr command that only allowed typeable characters through) and committed it to muscle memory. I used this laptop every day for about a month before I went home. I took about a one week vacation midway home.

With the break and change in surroundings I completely forgot the password. No idea what it was. I tried for about a week before I gave up and reformatted it. I don't encrypt my computer any more.

That's a crime they can lock you up for life for? Crazy talk.

[+] comboy|6 years ago|reply
It's enough that I fill unused drives with /dev/random. Good luck to me proving that it is not encrypted data (and vice versa). Headers are irrelevant, they are no different than a paper label on the hdd saying "encrypted".
[+] donny2018|6 years ago|reply
My understanding is that if there is evidence that you were committing crimes with connection to this encrypted data, there is a problem for you. Otherwise, this is not a problem.
[+] sjy|6 years ago|reply
It is not a crime if, as a matter of fact, you forgot the password. As always, it’s up to the court to decide that fact after looking at the evidence.
[+] supernova87a|6 years ago|reply
The problem with this new territory is exactly the unsettled issue of whether providing a password is testimonial and protected.

The protection against self-incrimination is/was a protection against being put on trial and being forced to say or give testimony that you took part in or committed a crime. It is not a protection against any and all evidence from being produced against you.

In a previous age, not saying words was enough protection, because evidence was usually physical (objects). The novel problem now is that the types of evidence being protected by passwords (and the method of protection) now are so closely linked that it's quite difficult to say whether being compelled to reveal a password is testimonial.

Suppose a suspect murdered someone and was seen putting the weapon in a safe, where the combination was known to be written in a person's private papers. Those papers could be compelled to be revealed without jeopardizing privilege because the discovery of the combination is not forcing a person to testify. Even compelling the person to reveal the combination might not be testimony. And in any case, the safe could be opened with much effort and a blowtorch.

But now, the safe can never be cracked, and the person's knowledge of the password is the only thing that will open it. The person revealing the password will surely confirm his/her guilt, so it now feels very much like the info/knowledge is self-incriminating testimony.

Modern problems. They need some court resolution at a high level.

[+] skrause|6 years ago|reply
In Germany the rule is simply that you are not required to do anything to actively help your own prosecution.

They want to take your fingerprints? You don't need to help by lifting your arm. They want you to open a safe? No need to tell them the combination, though they will crack it open if you refuse. Same with encryption keys, you don't need to say anything. Telling the truth? As the accused you're allowed to lie in court however you want.

If you do get sentenced you can get a reduced sentence if the court thinks that you've been cooperative. But you can never get punished simply for the fact that you didn't help with your own prosecution.

[+] akersten|6 years ago|reply
> The problem with this new territory is exactly the unsettled issue of whether providing a password is testimonial and protected.

I can see no possible correct answer than "yes, absolutely, it is testimonial."

If I may take some minor artistic liberty and change the words without changing the scenario:

Consider a person on trial for murder, and the prosecution believes they wrote down where the body is buried on a piece of paper. The paper's got blood on it and was found next to a hatchet and duct tape. Gee shucks though, it's written in an ancient dialect of Silbo Gomero and they're the last person alive who speaks it. The prosecution would really love to have that evidence for their case. Can they make the defendant translate it for them?

Absolutely not, right? That's clear-as-day 5th amendment, if-I-translate-this-for-you-I'm-incriminating-myself territory.

It is the exact same concept with encryption. There is a piece of information unintelligible to an adversary (prosecutor), that the adversary believes (due to surrounding known evidence) would further their case. The only way to transform the information into something useful for the prosecutor is with the help of the defendant, using knowledge that exists only in the defendant's mind (password).

Asking the defendant to create the evidence against themselves (evidence that does not exist until the defendant creates it, mind you - not something like the contents of a safe where the physical evidence exists whether the defendant wills it or not) is a 100% textbook 5th amendment violation.

I really feel that if someone sees this any other way, they fundamentally misunderstand how encryption works. The documents the prosecution wants do not exist unless the defendant (re)creates them, and you can't ask someone to create evidence (testimony) against themselves (5th amendment, again).

[+] tantalor|6 years ago|reply
It's not a modern problem. You could always rig a tamper-proof device (eg booby trap) to destroy evidence if forced without the key.
[+] reportgunner|6 years ago|reply
> seen putting the weapon in a safe, where the combination was known to be written in a person's private papers

Replace combination by password. Your example still works. If evidence is "locked" on an encrypted storage device and the password is in unencrypted plaintext form, it can be still used to "crack" the encryption without effort.

But could you force the suspect to tell you the safe combination in your example?

[+] Hnrobert42|6 years ago|reply
According to this article, the court can’t seem to understand why the prosecution is going to such lengths to compel production of password. Is the court willfully ignorant or is the article misleading?

It seems pretty clear the prosecution was trying to use this case to set a precedent that not producing a password means you stay in jail forever. That the accused is all but convicted for child porn makes it easy, from a PR standpoint, for the prosecution to play hardball. If it was a journalist or a whistleblower, amicus curiae briefs would be stacked to the rafters.

[+] hedora|6 years ago|reply
I wonder if it is possible to get the charges dropped because he was denied the right to a speedy trial.

The government’s behavior on this is reprehensible, and, frankly, I’m more worried about abusive prosecutors than pedophiles.

[+] Supermancho|6 years ago|reply
I wish people would stop linking to Tech Dirt, when there are alternatives (https://arstechnica.com/tech-policy/2020/02/man-who-refused-...). Tech Dirt is a self-proclaimed rumor mill site, similar to The Sun.
[+] etrabroline|6 years ago|reply
Advocacy groups wear their bias on their chests proudly. "Neutral" news purveyors hide their bias behind misleading headlines and selective reporting. I would much prefer to read about something related to digital privacy in Tech Dirt. Not that I have anything against arstechnica in particular.

Can you link me to an example of a false rumor Tech Dirt has spread?

EDIT: As danso points out, this issue probably wouldn't even have been reported by ars if Tech Dirt hadn't done the actual work of digging up the court documents, so complaining about the admittedly outraged tone of their articles is just petty.

[+] mantap|6 years ago|reply
Funny, I much prefer the journalistic style of Tech Dirt, who at least bother to cite and quote from their primary sources. Comparing it to a former porn magazine is unfair.
[+] danso|6 years ago|reply
I don’t typically go to TechDirt if I can find an original source (that isn’t hard paywalled or 50% video ads), but in this case, the writing and reporting was fine and the original court doc is included. Also, the Ars story you provide links to the TechDirt story in its opening sentence.
[+] annoyingnoob|6 years ago|reply
I've always thought that TechDirt should be named The Daily Outrage with the tag line A Place for Clicks.
[+] ineedasername|6 years ago|reply
There's a certain irony in the coincidence of the defendant's name being "Rawls", who was a political philosopher [0] that sought to define what "justice" should be within political society...

His work "Justice as Fairness" "describes a society of free citizens holding equal basic rights and cooperating within an egalitarian economic system."

[0] https://plato.stanford.edu/entries/rawls/

[+] Causality1|6 years ago|reply
A surprising but welcome ruling. This case is yet another example of the government using the repugnancy of a crime to attack fundamental rights. It's happened before, it's happening now, and it will happen again.
[+] 1000units|6 years ago|reply
Alleged crime.

And this is braindead simple application of the Fifth Amendment. The courts are a joke.

[+] anonsivalley652|6 years ago|reply
A minor miracle, while Chelsea Manning still rots in Alexandria City Jail for not cooperating with the political persecution of Assange.
[+] jessaustin|6 years ago|reply
It's so great, that Obama "commuted her sentence". Clearly that was a meaningful action that significantly affected something.
[+] murftown|6 years ago|reply
As others have mentioned a lot of this boils down to the wording of the 5th amendment. Specifically: "...nor shall be compelled in any criminal case to be a witness against himself...".

I recently found out that, for example, the Texas Bill of Rights [1] has stronger wording that addresses this. From section 10: "...He shall not be compelled to give evidence against himself...".

1. https://statutes.capitol.texas.gov/SOTWDocs/CN/htm/CN.1.htm

[+] p1necone|6 years ago|reply
Idea: write malware that drops random data/encrypted files on the infected device's drive but is otherwise harmless, distribute widely. Bam! Plausible deniability for everyone.
[+] zzo38computer|6 years ago|reply
Malware? Include with the operating system, to use the unused part (which might be all of it) of the encrypted partition for random data. Anyone who has no encrypted files, will not know the password to decrypt it, because there isn't any.
[+] amelius|6 years ago|reply
Alternatively, the rule becomes: secure your computer, or end up in jail.
[+] VectorLock|6 years ago|reply
What about if your password itself is an admission of committing a crime? Like your pass phrase is "IMurderedJeffreyEpstein"
[+] arthurofcharn|6 years ago|reply
"I can't, your honor, the password itself is a confession." Is now my newest password.
[+] slipheen|6 years ago|reply
In the past, they've offered to exclude the contents of the password from the trial to answer that.
[+] itchyjunk|6 years ago|reply
Maybe in this case, it is somehow clear that there is encrypted stuff and the government is also sure who can decrypt it (who owns the key to decrypt it.) But since a variety of Deniable encryption[0] exists, what happens when they think there is something to decrypt when there isn't? Or when they can't prove it but they want to believe there is something there?

[0] https://en.wikipedia.org/wiki/Deniable_encryption

[+] onetimemanytime|6 years ago|reply
>>Since that day, more than four years ago, Rawls has been held in federal custody. Rawls seeks release arguing that 28 U.S.C. § 1826 limits his maximum permissible confinement for civil contempt to 18 months.

This much jail time ruins almost everyone, think of the mess it makes in your life/job/relationship/finances. But I guess it beats doing xx years if you provide the passwords and evidence found there is used.

[+] tylorr|6 years ago|reply
If your password itself was an admission of guilt then would that count as testimony and protected under the Fifth Amendment?
[+] nneonneo|6 years ago|reply
If you pleaded the fifth on your password, the court might be able to compel you to enter the password such that they don’t get the password but do get the data.

The next question is, if doing so immediately decrypts a file (e.g. a text file) which is a direct admission of guilt, can you plead the fifth against the decryption process itself, esp. if the government isn’t already aware that such a “guilt declaration” exists?

[+] bougiefever|6 years ago|reply
It's no mistake that they select the most unsympathetic people to try to weaken the protections for us all.
[+] blofeld|6 years ago|reply
What if you testified that you forgot the password (if password was used). Unbelievable it might seem, let’s say you set up the passwd 1 week before the deed, it is a possibility and IMO they would have to prove otherwise (+ good luck with the decrypting)
[+] asymmetric|6 years ago|reply
mods: can we edit the title to mention that this is about the US? US law != global law.
[+] tsukurimashou|6 years ago|reply
How can they prove that the person didn't forget the password / no longer has access to it?

I'm pretty careful with that stuff but still it happened to me before.

[+] classified|6 years ago|reply
Came there to read the article, then saw their informed consent form. By far the best one I've seen up to now, my commendation for that.