Computers, Privacy & the Constitution

Encryption, Privacy, and the Fifth Amendment

-- By MatthewEckman - 08 Mar 2009

The Electronic Frontier Foundation highly recommends that people encrypt their hard drives. I have not taken their advice. What a pain in the ass that would be. Of course it is probably not all that difficult to do, and it's probably not all that big a pain in the ass to type in an extra password every once in a while. Still, though--a bit of a pain in the ass. I imagine that I will eventually get around to installing some version of PGP some day soon, but so far I have been unable to convince myself that encrypting my hard drive is even so minimally important to offset the small amount of ass-pain I would suffer in carrying it out. When I imagine potential threats, I see clearly that if my laptop were stolen by black hats I could have serious problems on my hands and would wish that I had encrypted; but the odds of that happening seem rather too remote to require immediate precautionary measures. And I am completely unable to imagine that I have anything to fear from government agents seizing my computer for the purposes of criminal prosecution. In this class I sometimes feel as though I am missing some big piece of the puzzle--that I really should be more concerned about the government and threats posed to my privacy. But I just don't understand why. Is it because the government might fall into the hands of paranoid fascists who are willing to ruin lives to quell dissent? Is it because some day a nefarious government agent--a corrupt DA, maybe--might abuse the power of the state to cause me personal harm? Am I supposed to be really worried about the possibility that a government agent, as opposed to a common criminal, will use personal information on my computer to blackmail me? Are any constitutional issues at all implicated by this possibility? Wouldn't that be a simple crime, or even a tort? I just can't get worked up over possibilities like these. I have no terrorist plots or child pornography stored on my hard drive. But I probably do have information that would be valuable to non-state criminals: passwords, credit card information, etc. So while it would be no doubt worthwhile to really try to survey and appreciate--in a way I apparently fail to do at present--the threats to my life and liberty posed by government that could be addressed by encrypting my hard drive, I will not do that here. Instead I will look into a particular Fifth Amendment issue that arises in connection with encrypted hard drives.

The Issue: Passwords and Self-incrimination

Suppose that you do have child pornography on your computer and that the government seizes your hard drive. Suppose now that you have encrypted your hard drive; can the state compel you to reveal and/or enter your password and make plain the contents of your files? Obviously--or let us suppose, anyway--you'd rather not. But can you really claim that you have a right not to? This question came up recently in the Boucher case, in which a magistrate judge granted the defendant's motion to quash a subpoena requiring him to decrypt his hard drive before a grand jury. The crux of the issue is the Fifth Amendment protection against self-incrimination in criminal trials; the very act of entering the password, the magistrate judge found, would be incriminating, since Boucher would thereby implicitly authenticate the files as his own. A federal judge recently overturned the magistrate judge's decision and essentially compelled Boucher to decrypt his hard drive for the grand jury. To my mind, this was a no-brainer; when the authorities seized Boucher's computer--and on that hangs another tale--and examined it, they found what appeared to be child pornography. After some days, when the encryption password reset, they found that they could no longer access the files, and required Boucher's password to get at the evidence they needed. If a person in Boucher's position could not be compelled to decrypt his hard drive, then people with incriminating files on their computer could easily avoid doing time simply by encrypting their data. As a policy matter this seems to me to be clearly untenable. What I will attempt in the next section is to understand the other side: why would anyone--why did the magistrate judge, in particular--think that the Fifth Amendment could be (I want to say) exploited in this way to protect criminal behavior?

Arguments for Recognizing a Fifth Amendment Right not to Decrypt

  • I assume this is a paper in process. You can lose the first part, so as to make the Fifth Amendment inquiry fit within 1,000 words. Reasons why you don't want any casual possessor of your laptop to be able to access the hard drive have occurred to you. That's sufficient, without expecting you to be a civil liberties enthusiast (EFF members are more likely to be, after all, than other people) who would want to encrypt her hard drive for reasons that don't appeal to you. But you needn't spend valuable words on that point. I don't think you've explained fully why the Fifth Amendment privilege is at stake, which may be related to the reason why the arguments seem a little one-sided to you. But if you keep following out the lines of argument I'm sure you can make a valuable paper of this.

Navigation

Webs Webs

r4 - 17 Apr 2009 - 01:48:50 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM