Full Disk Encryption Leads to Jail Term, 7 Months and Counting.

According to arstechnica.com and other sources, a Philadelphia man has been jailed for over seven months, with no end in sight, because he claims he forgot the password to two encrypted disk drives. His lawyer has appealed, noting that the Fifth Amendment provides protection from forced decryption. Furthermore, he says, the government has failed to show that they can apply the “foregone conclusion” exception to the Fifth Amendment.


Kiddie Porn is at the Center of the Case

The suspect, a former sergeant with the Philadelphia Police Department (he got fired for “conduct unbecoming an officer” when he didn’t turn over the decrypted data), was held in contempt of the court when he stated that he didn’t remember the passwords for unlocking two encrypted external hard drives.

It is the government’s claim that these two hard drives contain evidence of child pornography. Arstechnica has a pretty good write up of the appeal, while Gizmodo has a pretty good summary of everything that happened up until the appeal. Of course, nothing beats reading the original material when it comes to details: appealing the contempt charges and an amicus brief by the Electronic Frontier Foundation. The amicus brief is especially good reading: it lays down what encryption is (in essence), why forced decryption goes against the Fifth, and why the foregone conclusion exception does not apply in this particular case. I encourage anyone to read it if interested in the issues surrounding encryption and the Fifth Amendment.


Foregone Conclusion

Fun fact: the U.S. government can legally compel YOU to hand over decrypted information that incriminates YOU, but only as long as the government can show that they know it exists. That’s right, a legal loophole exists to the right against self-incrimination.

For example, let’s say that you’re in jail and someone visits you. Over the prison visitation telephone – which is monitored, by the way – you admit to your visitor that your encrypted laptop contains damning evidence. The government can force you to turn over this evidence. Why? Because they can prove that (a) it’s there and (b) it’s damning. You admitted to it.

This actually happened.

Another example: you cross the U.S.-Canada border and an inspector looks over your laptop. He finds kiddie porn on it. You get arrested. When you get to trial, the prosecution finds that your laptop encryption kicked in. The government can force you to turn over this evidence. Why? Because they can prove that (a) it’s there and (b) it’s damning. The border inspector saw it.

This also really happened.

As you can see from the above examples, the foregone conclusion exception requires a certain degree concreteness.


This Case is Pretty Removed from a Foregone Conclusion

The foregone conclusion exception lies at the heart of this case. A lot of talk surrounds the Fifth Amendment rights, but only because the foregone conclusion exception cannot exist without it.

Despite the fact that the general public does not have access to all the details surrounding the case (the nature of the case has led to the sealing of documents), it’s pretty obvious that the exception does not apply. As the Electronic Frontier Foundation put it:

…the publicly available record shows that the government’s investigation of Mr. Doe [the defendant] has relied on testimony, provided after the search warrant was executed, of two individuals who gave no reliable insight into the contents of Mr. Doe’s external drives.

One of the individuals was the John Doe’s sister, the other a forensic examiner with Delaware County District Attorney’s Office.

The sister, apparently estranged from the defendant and supposedly with an ax to grind, claims “to have looked at child pornography with Mr. Doe in his home.” (I should remark that some attention should be paid to phrasing. It almost sounds like the two of them were sitting on the couch and enjoying the kiddie porn together. That’s not what this is…right?)

A worthwhile testimony until you realize the incident happened “more than a year before the hard drives’ seizure.” The sister admitted that she didn’t know whether what she had seen are stored in the encrypted hard drives. This matters, since the government can’t say that they know the evidence is in the hard drives. Plus, an estranged sister that has issues with the defendant does not an excellent witness make. It’s not as if perjury is a seldom seen, mystical occurrence.

In addition, operating under the doctrine of foregone conclusion, it doesn’t matter that the defendant had kiddie porn at one point in his lifetime; what matters is that he has child pornography that can be linked to the sting operation that is liked to the charges. If there’s a hit-and-run, you don’t just round up past offenders because they’ve already done it before. Obviously, there’s more than that going here, but “he had kiddie porn a year ago” is a tenuous argument, no matter how despicable you may find the defendant’s actions.

The forensic examiner, meanwhile, “testified only that it was his ‘best guess’ child pornography would be found on the hard drives.” Egregious. I don’t understand why he was put on the stand at all. If this is all it takes for the foregone conclusion exception to kick in, how is the Fifth Amendment is even worthwhile? One could always say that it’s his best guess that there’s evidence in there somewhere. They should retire the Fifth, just like they did with the Eighteenth [https://en.wikipedia.org/wiki/Eighteenth_Amendment_to_the_United_States_Constitution].

Last but not least, as techdirt.com astutely observes: if it’s a foregone conclusion, why did the government use the All Writs Act to pursue this matter? It’s like bringing in a hatchet when you claim to have surgical precision instruments.


Encryption Equals Crime?

If the contempt charge stands, it can only mean one thing: the court is admitting that the use of encryption is tantamount to guilt. Aside from the fact that it’s being used on the two hard drives, it appears that the government just doesn’t have enough evidence to nail the coffin. Their hope is that the evidence will show up in the encrypted drives. But, as far as one call tell, the truth of the matter is that government has no idea what’s in those drives. They are convinced that there’s evidence that is related to their sting operation – it’s gotta be somewhere, right? Right? RIGHT? – but stratospheric confidence alone is not enough.

Plus, what if the guy really does not remember the password? Jailing a guy indefinitely sans charges because he can’t remember. That’s some medieval stuff right there.


Related Articles and Sites:

Comments (0)

Let us know what you think