Wired.com has an update on the US v. Fricosu case, which I covered here last year. A couple of more revelations have popped since I last covered it. Among them: trying to crack the laptop encryption software might damage the disk. Huh?
Foregone Conclusion Doctrine
As I noted in my July 2011 post, there are times when the government can compel you to dig up evidence that incriminates you. Under the foregone conclusion doctrine, if the government knows about the existence of a particular piece of evidence, they can ask you to produce it, and you have to provide it.
To emphasize the point, this is only possible if the government knows (and, in all due probability, it can prove it). It doesn’t apply if they think, or they’re pretty sure, or a number of other situations where the government doesn’t actually know. Case in point: US v. Boucher, where a Canadian was ordered to reveal his password to his encrypted laptop by the US government. The government knew that Boucher’s laptop contained kiddie porn.
The Fricosu case, on the other hand, differs in that the US government isn’t sure what is in Fricosu’s laptop…or that it is Fricosu’s laptop (or, at least, that’s the defense’s claim). Without 100% certainty, the foregone conclusion doctrine doesn’t apply, and forcing Fricosu to reveal the password goes against her Fifth Amendment rights. (Also, no kiddie porn in this case. They’re looking for evidence related to real estate scams.)
According to wired.com, the US Attorney making the case for the government noted that
government knows that the defendant had access to, and control over, the subject computer immediately prior to the search warrant execution because it was found in her bedroom, on top of the laptop case
Sounds a little weak. Laptop computers, for example, can be borrowed. Just because it’s in someone’s bedroom doesn’t really prove anything, unless the person lives alone. Even then, it could be a friend’s computer (e.g., he left it behind the last time he came over).
I’d be more convinced if the above statement had read “the computer was found in her bedroom, tied to the bed.”
Damage the Computer if Analyzed?
The government attorney also claimed that
it might “require significant resources and may harm the subject computer” if it tried to crack the encryption. [wired.com]
Well, obviously it would take significant resources to crack encryption. I mean, what’s the use of encryption software like AlertBoot if it doesn’t take significant resources to crack it? Are you kidding me? What kind of an argument is that?
Less laughable is the claim of harm to the hardware. There are ways you could booby-trap an encrypted computer disk. For example, I have heard of encryption schemes where two passwords are used. The first is a regular password. The second one is used in emergencies only, and will wipe the encryption key, making the data irrecoverable. Also, I’ve heard of acid capsules (it really gives the term “poison pill” a bit of oomph) that are released when a certain command is given, or attempts to tamper the hardware is made.
But, again, there is a failure in logic. What’s to prevent Fricosu from giving the “wrong” password? One could argue that even forcing Fricosu to give up her password would mean there is a potential to harm the computer. If they’re so concerned, they should x-ray the disk to see if there are any physical traps; failing to find any, they should copy the hard drive (“ghost it”) and run their analysis on that copy. Of course, there is still the issue that it might be hard to crack it.
Which brings us to the non-digital parallel that is always quoted: safes. It’s common knowledge that if the government seeks evidence that’s locked up in the safe, they can’t ask for the
key(my mistake; defendants can be forced to surrender keys to safes with incriminating documents) or the combination to it from the accused (except under the foregone conclusion doctrine). So, the US government tends to crack open the safe, even if it may be booby-trapped and harm may come to the contents inside of it.
In light of this, the government’s arguments regarding “significant resources” and “harm the computer” fall flat. After all, the courts aren’t requiring the government to bust safes because it’s easy or cheap. They’re doing it because the defendants’ rights need to be protected. The government should be arguing how producing the encryption password doesn’t harm the defendant’s rights in this particular case. Assuming it can make that argument.
Related Articles and Sites: