Court Upholds 5th Amendment-based Refusal to Decrypt Hard Drive
On February 23rd, the U.S. Court of Appeals for the Eleventh Circuit found that a person (“John Doe”) refusing to decrypt an encrypted hard drive properly invoked his 5th amendment right against self-incrimination. In a case styled “In RE: GRAND JURY SUBOENA DUCES TECUM DATED MARCH 25, 2011”, the Court ruled that the judgment of civil contempt from the lower court (resulting from Doe refusing to produce a decrypted hard drive in response to a lawful subpoena) had been improper.
The case began with law enforcement tracking Doe to a hotel room in California as part of a child pornography investigation. Based on a valid search warrant, officers seized several pieces of computer equipment. When forensic teams attempted to access some of the drives, they found the drives were encrypted. This led to the subpoena, the refusal by Doe at a show cause hearing to comply, and the appeal that is the subject of this case.
In analyzing this case, the Court looked at the circumstances surrounding the hard drive and whether the act of producing the unencrypted contents would be testimonial or, as the government was asserting, simply a physical act that would be non-testimonial in nature.
There were certain facts that distinguish this case from the Fricosu case that I wrote about a few weeks ago. In Fricosu, evidence was legally acquired by law enforcement from various phone calls that showed that the defendant admitted knowledge of the files, saying that they “were on the laptop.” There was also evidence in Fricosu that the defendant owned the computer and had access to it.
In this case, no evidence was presented to show (a) Doe was the only person who could decrypt the hard drives or (b) that the government knew of specific information on the hard drives that it was seeking. This led to Court to opine that “the decryption and production of the hard drives would require the use of the contents of Doe’s mind and could not be fairly characterized as a physical act that would be nontestimonial in nature.” As a result, the Court concluded that decryption and production of the files on the hard drives “would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.”