Court Upholds 5th Amendment-based Refusal to Decrypt Hard Drive

Published On February 28, 2012 | By Randy Sabett | General
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On February 23rd, the U.S. Court of Appeals for the Eleventh Circuit found that a person (“John Doe”) refusing to decrypt an encrypted hard drive properly invoked his 5th amendment right against self-incrimination.  In a case styled “In RE:  GRAND JURY SUBOENA DUCES TECUM DATED MARCH 25, 2011”, the Court ruled that the judgment of civil contempt from the lower court (resulting from Doe refusing to produce a decrypted hard drive in response to a lawful subpoena) had been improper.

The case began with law enforcement tracking Doe to a hotel room in California as part of a child pornography investigation.  Based on a valid search warrant, officers seized several pieces of computer equipment.  When forensic teams attempted to access some of the drives, they found the drives were encrypted.  This led to the subpoena, the refusal by Doe at a show cause hearing to comply, and the appeal that is the subject of this case.

In analyzing this case, the Court looked at the circumstances surrounding the hard drive and whether the act of producing the unencrypted contents would be testimonial or, as the government was asserting, simply a physical act that would be non-testimonial in nature.

There were certain facts that distinguish this case from the Fricosu case that I wrote about a few weeks ago.  In Fricosu, evidence was legally acquired by law enforcement from various phone calls that showed that the defendant admitted knowledge of the files, saying that they “were on the laptop.”  There was also evidence in Fricosu that the defendant owned the computer and had access to it.

In this case, no evidence was presented to show (a) Doe was the only person who could decrypt the hard drives or (b) that the government knew of specific information on the hard drives that it was seeking.  This led to Court to opine that “the decryption and production of the hard drives would require the use of the contents of Doe’s mind and could not be fairly characterized as a physical act that would be nontestimonial in nature.”  As a result, the Court concluded that decryption and production of the files on the hard drives “would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.”

About The Author

Randy V. Sabett joined ZwillGen as Counsel in 2011. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include information security, privacy, IT licensing, IP strategy, big data, metrics, active defense, venture capital, legislative matters, government contracting, digital and electronic signatures, federated identity, state and federal information security and privacy laws, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements.