Sophos Cloud Optix
In a case that could have far-reaching implications for compelling criminal suspects to decrypt digital storage devices, a judge on Tuesday stayed [PDF, posted courtesy of Wired] – temporarily suspended – a previous order that would have forced him to decrypt hard drives suspected of containing child pornography.
The hard drives were seized from computer scientist Jeffrey Feldman, from the US state of Wisconsin.
The government has previously said in court papers that even without forcing Feldman to decrypt storage devices found in his house, they have managed to glean incriminating data from unencrypted portions of the storage.
The government says it found a large number of user-created links that “strongly suggest, often in graphic terms,” the presence of encrypted abuse images on Feldman’s hardware.
The investigators also found a peer-to-peer sharing utility that contained logs of 1,009 videos that Feldman had allegedly received, distributed and stored – most of the filenames being “unambiguously indicative” of child porn.
At question is Feldman’s right, under the Fifth Amendment, to be shielded from self-incrimination.
Magistrate William Callahan Jr. of Wisconsin wrote in April that this is “a close call,” but that if Feldman used a password to decrypt a storage device, it would be, more or less, the same as telling the government “something it does not already know” and would be tantamount to self-incrimination.
Callahan subsequently viewed new evidence that caused him to reconsider.
According to the order [PDF], the Federal Bureau of Investigations (FBI) had managed, given “substantial resources,” to decrypt and access one single hard drive.
On that decrypted segment of Feldman’s far more extensive storage system, the FBI says it found “an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders,” in which agents found 707,307 files, including “numerous files which constitute child pornography.”
Writing [PDF] in late May, Callahan ordered Feldman to either enter the passwords without being observed by law enforcement or government counsel, or provide an unencrypted copy of the data.
However, a new federal judge, Rudolph Randa, has stayed that decision. Ars Technica’s Cyrus Farivar writes that Callahan was taken off the case, not being an “Article III Judge” and lacking the authority to grant the order in the first place.
The latest wrinkle in Feldman’s case doesn’t do much but postpone the question of whether compelling somebody to decrypt their electronic storage device is a violation of Fifth Amendment rights.
But if the government already has enough evidence to convict Feldman of possessing child abuse images, is it necessary to compel decryption?
We’ll keep watching this space. Regardless of this case or others like it, it’s important to fight the erosion of rights such as those granted by the Fifth Amendment.
Image of child and hard drive courtesy of Shutterstock.
What if he forget the password?
Would you say terroist suspects have the same rights under the 5th?
According to current doctrine, no, since terrorists are considered combatants. Combatants aren't protected under the Constitution, but they are under the Geneva convention. The Geneva Convention is not really a set of laws, but more a doctrine to govern how modern nations _should_ act.
Yes, I would, because the operative word is "suspect." We already know of a good many people "suspected" of terrorism, who have been imprisoned in terrible conditions for years without being charged of any crime, let alone convicted. (Many of them are at Guantanamo, but not only there.) But just say that they're suspected of terrorism, and many people simply shut down their brains.
Of course the same pattern turns up with regard to Miranda rights. Many people tend to assume that anyone who's arrested, or even detained, is a "criminal" and therefore has no rights, even though the person hasn't be convicted or even formally charged with anything. I'm coming to see this pattern as a combination of intellectual and moral impairment.
Yes.
If they are citizens of the US, they have all the rights of US citizens. The government shouldn't be allowed to pick who has constitutional rights, and who doesn't. It's all or nothing.
Innocent until PROVEN guilty. If they are only suspects, then they are still presumed innocent. It is the burden of the state to find the evidence they need to prosecute. It is not the burden of the suspect, who is innocent until proven otherwise, to help the prosecution with this evidence in anyway.
Whether the crime be for something small like trespassing, or something large like terrorism, all citizens have the EXACT SAME rights when it comes to the justice system. Or at least they should…unfortunately it is not practiced as well as it should be.
I'm no lawyer, but it would seem to me that requiring someone to decrypt and hand-over the plain-text contents of an encrypted hard drive would violate both the Fourth Amendment (The right of the people to be secure in their persons, houses, papers, and effects) and the Fifth (No person shall be be … compelled in any criminal case to be a witness against himself,)
Not to mention the 6th as well. Considering someone could be held "indefinitely" if they don't hand over the goods.
The Fourth Amendment is not absolute; it simply requires due process. I think the issue here is whether that due process is inhibited by the Fifth Amendment.
This is an interesting case indeed.
How is this different from a court order requiring someone to open a safe during a physical search?
Of course there should be reasonable grounds for the search.
I'm appalled at the recent erosions of our civil rights and have been preaching about it to deaf ears for over 40 years. But rape, child molestation, and exploitation of women and children have topped my list of unpardonable crimes for the same length of time.
So lets put this into perspective. If you are pulled over by the police and suspected of carrying drugs in your vehicle, you can refuse to let them search it. They in turn can bring in a trained dog to sniff around, and if the dog alerts, the police have probable cause to search your vehicle. There are many other "if / then" scenarios where law enforcement can compel you to open your door, or otherwise comply with a search. Many of these "if / then" examples are relatively benign compared to child pornography.
In the case at issue here, the FBI has probable cause to suspect the man has a large library of child pornography. With the information on that computer, the FBI might be able to rescue some or many children from the perpetrators of the rapes, assaults, and exploitation of these children, and prosecute them as well. As far as I'm concerned, these types of criminals have surrendered their rights by engaging in the horrific crimes they have committed.
Hit me with your best punch, but don't expect to knock me down.
I would say dog sniffing is a bit different.
I think cops should be able to search anything on probable cause, and be able to use what tools you need.
However, in your scenario the suspect(s) are not forced to give any information to the cop. They are not forced to do anything. The cops just found another tool to search. You are also not forced to open any doors, but if you don't comply they will use other means to do so.
In this case, I say the police absolutely have every right they want to search the hard drive with whatever means possible (maybe an encryption sniffing dog?). But they don't have the right to force suspect to give any information. He has the right to remain silent.
"As far as I'm concerned, these types of criminals have surrendered their rights by engaging in the horrific crimes they have committed. "
I'd agree… once they are found guilty. In this justice system, this suspect is presumed innocent until proven guilty in a court of law. You can't forfeit your rights by being a criminal until you are proven as one in court. Not before.
Anyways, law enforcement authorities should be able to decrypt the hard drive if this is evidence.
My fear here is that in a slightly different case it may be possible for an innocent suspect to be forced to reveal an encryption key that protects private – but not illegal – data, and they have genuinely forgotten the password. I have some data sitting around that I forgot the keys to, that I keep in case one day I can either break into it, or happen to remember the keys.