WilliamCorsoFirstPaper 3 - 28 Apr 2012 - Main.EbenMoglen
|
|
META TOPICPARENT | name="FirstPaper" |
Encryption, Common Use Assumptions, & the 5th Amendment of the U.S. Constitution
| | As one commentator has argued regarding the tension through contemporary application of the 5th Amendment, "In the pre-digital age, there was a distinct boundary between the information that resided only in our minds and the information that we committed to paper. The former was afforded strong constitutional protection; the latter, much less so." In light of this sentiment, should the law recognize the boundaries of information storage? Especially in the context that the frequency at which people's general utilization of digital media (whether e-mail, text message, chat) has increased to such an extent that it could be argued that keeping files on one's own computer has become so "second nature" the law should afford special protection beyond keeping paper documents in a wooden filing cabinet? Furthermore, are the common assumptions of computer use adequately taken into consideration in the course of the law? | |
< < | This author would contend that the trends to recognize greater protection for consumers in regard to lengthy "terms of service" that are generally accepted to be read by "no-one," should be used as an analogy to the possibility that the scope and depth of digital storage has become so intertwined with the way people think and behave that its contents should be afforded protection equal to that of the contents of any defendant's own mind. I must ask whether we are at a point in time where the assumptions about the use of technology should in fact govern the use of technology? Or will we continue to allow judicially created rules or contemporary statutes enforce rules of law that would today be both unexpected and have unexpected consequences? | > > | But this is not the
Fifth Amendment issue. As the author of the piece you cite explains,
the question there is about the passphrase that is assumed to
decrypt a file or a set of files. Everyone agrees that the Fifth
Amendment never had any barring effect on the use of papers in a
filing cabinet. And the digital files too are "mere evidence," from
a Fifth Amendment point of view. But producing the passphrase,
like producing a safe combination, is a testimonial act by the
party giving it up. This, the distinction between testimony and
evidence, is what the engineer authoring the Future Tense piece is
adverting to, and which you are surprisingly eliding
here.
"Common assumptions" may be relevant not only to the context in which
you keep finding them, which is discussions of commercial privacy,
but also—one is rather despairingly forced to assume—with
respect to the "reasonable expectation of privacy" calculus too often
used in Fourth Amendment analysis. But it doesn't have any relevance
to Fifth Amendment discussion, which treats the distinction between
testimony and evidence as a legal matter, historically informed by
disputes over ex officio oaths in prerogative and ecclesiastical
courts. I and some other historians wrote a book once about the history
of prohibition on compulsory self-incrimination in Anglo-American
law. I think it still has some value, and you might find it useful.
This author would contend that the trends to recognize greater protection for consumers in regard to lengthy "terms of service" that are generally accepted to be read by "no-one," should be used as an analogy to the possibility that the scope and depth of digital storage has become so intertwined with the way people think and behave that its contents should be afforded protection equal to that of the contents of any defendant's own mind.
But this is not a form of constitutional argument that had any
background in history or current doctrine. This asserts that the
evidence in digital files should be treated as though it were
testimony, a position that would reverse hundreds of years of
independent development of doctrine about searches and doctrine about
compelled self-incrimination. Indeed, it would make the idea of
"self-incrimination" pretty much irrelevant. The ground on which
this proposal stands is that "common understanding" of the privacy of
digital material treats our digital files as decisively more private
than our papers. I see no evidence for this proposition, and no
reason to believe that the constitutional provisions themselves
license such a conclusion. The constitutional rule is that papers
and other evidence may be searched for and seized on a showing of
probable cause or other circumstances amounting to reasonable use of
state force. Compulsory self-incrimination is forbidden. (The
alternative for securing testimony is immunity, to which we return
below.) Mixing those two regimes on a showing of "common
understanding" is the same as suggesting in any other context that
courts acting alone should change previously-settled legislative or
constitutional provisions so they correspond to the preponderance of
lay opinion. It's not a persuasive argument, to say the least.
I must ask whether we are at a point in time where the assumptions about the use of technology should in fact govern the use of technology? Or will we continue to allow judicially created rules or contemporary statutes enforce rules of law that would today be both unexpected and have unexpected consequences?
The usual answer to that
question is that the common law changes more slowly than surrounding
social conditions, but it changes. | | Section II The CFAA Making Everyday Computer Use Criminal?
The Computer Fraud and Abuse Act (CFAA)(18 U.S.C. § 1030(a)(2)(A)-(C))makes it a crime for any person to "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information." The critical question that generally becomes at issue in these circumstances is what constitutes "authorization." Here, the statute makes it a criminal offense to in effect even view a website without proper authorization. The possible result here is that any website can in fact write its own criminal law against those users who utilize a service or any other aspect of the website in a manner that violates the private contract between user and service (the Terms of Service). It can be argued that this is an absurd result that an ordinary person would never expect, even some U.S. Courts that noted (United States v. Drew, 259 F.R.D. 449, 457-462 (C.D. California 2009)) that such a result lacks adequate notice. However, the question that this author feels is most important, in the context of whether the 5th Amendment should protect the compelled disclosure of encrypted files, is in regards to what is the common assumption? Some would argue that it is common knowledge that no one reads terms of service agreements. Thus, can the same be said that it is common knowledge that someone would believe that his or her encrypted data is just as secure as the thoughts inside his or her mind? | |
> > |
But there's no real problem here. The issue of notice is sufficient
to abate prosecutorial misbehavior, and the principle of lenity in
the construction of criminal statutes renders it more than highly
likely that courts will read the statute as requiring proof of
defendants' knowledge that their access was unauthorized. No
defendant will omit to seek such an instruction, or fail to appeal a
resulting conviction after refusal, so the issue cannot be avoided in
relevant cases. Why should we take this supposed difficulty
seriously?
| | Section III Should Application of the 5th Amendment Follow Contemporary Assumptions About Computer Use? | |
< < | In the opinion of this author the answer is yes, and one could argue that to some extent in some jurisdictions the law in some tentative ways reflects this position. In one case a Federal District Court in Florida held a defendant in contempt for not producing unencrypted contents of encrypted files. The 11th Circuit Court of Appeals later overturned this decision. As the 11th Circuit noted the prosecution told the defendant that they would not use the "act of production" against him, but would use the contents of the unencrypted files against him. The question must be asked whether such a statement comports at all with the spirit of the 5th Amendment? Regardless, the 11th Circuit found that the prosecution could not use evidence "derived from the immunized testimony." (immunized testimony being the "act of production"). Furthermore, action in the law that tracks the assumptions of computer users can be found in regards to where the European Union is questioning whether (in light of the recognition that few read Terms of Service Agreements) Facebook is giving its users sufficient notice regarding their privacy. Such a move by the EU could potentially reflect motion to recognize within the law what people actually assume as opposed to the law's varied interpretation. | > > | In the opinion of this author the answer is yes, and one could argue that to some extent in some jurisdictions the law in some tentative ways reflects this position. In one case a Federal District Court in Florida held a defendant in contempt for not producing unencrypted contents of encrypted files. The 11th Circuit Court of Appeals later overturned this decision. As the 11th Circuit noted the prosecution told the defendant that they would not use the "act of production" against him, but would use the contents of the unencrypted files against him. The question must be asked whether such a statement comports at all with the spirit of the 5th Amendment?
Yes, narrowly. Immunity is the prosecutorial tool to secure
testimony otherwise inaccessible because of the rule against
compulsory self-incrimination. Conviction, too, makes compulsion
possible, of course, because there is no jeopardy arising from
incriminating testimony after conviction for the crime. Immunity is
a prerogative of the executive, not subject for separation of powers
reasons to judicial control, but the court is required as a matter of
law to determine when applying compulsion to testify whether the
immunity accorded by the prosecutor is as broad as necessary to
prevent compelled self-incrimination.
In the case you briefly discuss, the Court of Appeals is correctly
determining that "use immunity" for the testimonial production of the
decrypted disk drives is too narrow, and that the party subpoenaed
was entitled to immunity from prosecution on the basis of anything
derived from the testimony, specifically the files contained on the
drives. This question, of the relevant breadth of the necessary
immunity grant, arises in this case precisely as it would in the case
of a demand, for example, for the testimonial production of paper
business records of a sole proprietorship, with respect to a future
prosecution for personal income tax evasion on the basis of the
business records produced.
Regardless, the 11th Circuit found that the prosecution could not use evidence "derived from the immunized testimony." (immunized testimony being the "act of production"). Furthermore, action in the law that tracks the assumptions of computer users can be found in regards to where the European Union is questioning whether (in light of the recognition that few read Terms of Service Agreements) Facebook is giving its users sufficient notice regarding their privacy. Such a move by the EU could potentially reflect motion to recognize within the law what people actually assume as opposed to the law's varied interpretation.
But this is a different
legal context in a different legal system. Simply adjoining the two
sentences doesn't make the second observation relevant to the first
in any way.
What concerns me about this draft is the extent to which it rests on
questionable interpretations of the relevant legal doctrine. The
constitutional issues are expressed imprecisely, and the thesis of
the draft depends to a large extent on the imprecision. The first
step seems to me to turn the legal hull upright before seeing what
can be salvaged of the cargo.
| | \ No newline at end of file |
|
WilliamCorsoFirstPaper 2 - 13 Mar 2012 - Main.WilliamCorso
|
|
META TOPICPARENT | name="FirstPaper" |
| |
> > | Encryption, Common Use Assumptions, & the 5th Amendment of the U.S. Constitution | | | |
< < | It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted. | > > | Section I The 5th Amendment | | | |
< < | Paper Title | > > | The 5th Amendment of the United States Constitution states that "No person...shall be compelled in any criminal case to be a witness against himself." While in this author's opinion, the above text is pretty straightforward and should mean exactly what it says, some Courts and commentators apply its meaning differently, and specifically with regard to how that sentence applies in today's world of near infinite digital storage. | | | |
< < | -- By WilliamCorso - 12 Mar 2012 | > > | As one commentator has argued regarding the tension through contemporary application of the 5th Amendment, "In the pre-digital age, there was a distinct boundary between the information that resided only in our minds and the information that we committed to paper. The former was afforded strong constitutional protection; the latter, much less so." In light of this sentiment, should the law recognize the boundaries of information storage? Especially in the context that the frequency at which people's general utilization of digital media (whether e-mail, text message, chat) has increased to such an extent that it could be argued that keeping files on one's own computer has become so "second nature" the law should afford special protection beyond keeping paper documents in a wooden filing cabinet? Furthermore, are the common assumptions of computer use adequately taken into consideration in the course of the law? | | | |
> > | This author would contend that the trends to recognize greater protection for consumers in regard to lengthy "terms of service" that are generally accepted to be read by "no-one," should be used as an analogy to the possibility that the scope and depth of digital storage has become so intertwined with the way people think and behave that its contents should be afforded protection equal to that of the contents of any defendant's own mind. I must ask whether we are at a point in time where the assumptions about the use of technology should in fact govern the use of technology? Or will we continue to allow judicially created rules or contemporary statutes enforce rules of law that would today be both unexpected and have unexpected consequences? | | | |
< < | Section I | > > | Section II The CFAA Making Everyday Computer Use Criminal? | | | |
< < | Subsection A | > > | The Computer Fraud and Abuse Act (CFAA)(18 U.S.C. § 1030(a)(2)(A)-(C))makes it a crime for any person to "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information." The critical question that generally becomes at issue in these circumstances is what constitutes "authorization." Here, the statute makes it a criminal offense to in effect even view a website without proper authorization. The possible result here is that any website can in fact write its own criminal law against those users who utilize a service or any other aspect of the website in a manner that violates the private contract between user and service (the Terms of Service). It can be argued that this is an absurd result that an ordinary person would never expect, even some U.S. Courts that noted (United States v. Drew, 259 F.R.D. 449, 457-462 (C.D. California 2009)) that such a result lacks adequate notice. However, the question that this author feels is most important, in the context of whether the 5th Amendment should protect the compelled disclosure of encrypted files, is in regards to what is the common assumption? Some would argue that it is common knowledge that no one reads terms of service agreements. Thus, can the same be said that it is common knowledge that someone would believe that his or her encrypted data is just as secure as the thoughts inside his or her mind? | | | |
> > | Section III Should Application of the 5th Amendment Follow Contemporary Assumptions About Computer Use? | | | |
< < | Subsub 1
Subsection B
Subsub 1
Subsub 2
Section II
Subsection A
Subsection B
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. | > > | In the opinion of this author the answer is yes, and one could argue that to some extent in some jurisdictions the law in some tentative ways reflects this position. In one case a Federal District Court in Florida held a defendant in contempt for not producing unencrypted contents of encrypted files. The 11th Circuit Court of Appeals later overturned this decision. As the 11th Circuit noted the prosecution told the defendant that they would not use the "act of production" against him, but would use the contents of the unencrypted files against him. The question must be asked whether such a statement comports at all with the spirit of the 5th Amendment? Regardless, the 11th Circuit found that the prosecution could not use evidence "derived from the immunized testimony." (immunized testimony being the "act of production"). Furthermore, action in the law that tracks the assumptions of computer users can be found in regards to where the European Union is questioning whether (in light of the recognition that few read Terms of Service Agreements) Facebook is giving its users sufficient notice regarding their privacy. Such a move by the EU could potentially reflect motion to recognize within the law what people actually assume as opposed to the law's varied interpretation. |
|
WilliamCorsoFirstPaper 1 - 12 Mar 2012 - Main.WilliamCorso
|
|
> > |
META TOPICPARENT | name="FirstPaper" |
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.
Paper Title
-- By WilliamCorso - 12 Mar 2012
Section I
Subsection A
Subsub 1
Subsection B
Subsub 1
Subsub 2
Section II
Subsection A
Subsection B
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. |
|
|
|
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|