Adapting hundreds of years of legal precedent to the internet age is not a simple set of tasks. Headway is being made but the broader implications are sometimes hard to discern.
In this case, a pornographer refused to decrypt his hard-drive. What the court has now ruled is that his refusal is protected under the Fifth Amendment of the US Constitution. This is potentially significant because one of the fault lines along which cyber law is being determined has to to do with what sort of historically protected speech or behavior is extended to the electronic era. This ruling says it is.
Before champagne corks start popping, however, there appear to be precedents in state (as opposed to Federal) courts saying the opposite. Ultimately, this may have to be determined by the US Supreme Court. The larger point is that as we live more of lives and conduct more of our business online, this ruling suggests that the law is going to adapt its precedents to contemporary behavior just as it has in other realms of human endeavor. JL
Eric Limer reports in Geek System:
You’re probably familiar with the phrase “pleading the Fifth.” You know, that thing the defendants on crime shows do when they’re obviously guilty and they just don’t want to talk about it. Well that’s also a thing in real life, and it isn’t a de facto admission of guilt.
For the unfamiliar and forgetful, the Fifth Amendment states that no person, “shall be compelled in any criminal case to be a witness against himself,” as well as a bunch of language about like, eminent domain and stuff. The point here being that the 11th Circuit Court of Appeals has just ruled that a defendant in a legal case who refuses to decrypt their hard drive for law enforcement is covered by the Fifth Amendment. This ruling dates back to a 2010 child pornography case with a defendant we’ll refer to as John Doe. Long story short, a few questionable YouTube videos and some IP tracking lead law enforcement to Mr. Doe’s hotel room door where they seized 2 laptops and 5 external hard drives, a total of 5 terabytes of data. All of Doe’s data, however, was encrypted with TrueCrypt, ostensibly in order to protect himself from identity theft (not that his intent really matters anways). When the court asked him to decrypt the hard drives, he plead the Fifth, at which point the court found him in contempt and threw him in jail.
Now, 2 years later, the 11th Circuit Court of Appeals has ruled that Doe was not actually in contempt and had every right to refuse. Naturally this is going to complicate the prosecution’s case a bit. And that’s not the only thing it complicates. Fifth amendment law as it applies to cyber-security is already complicated, and this decision only serves to make it moreso.
Traditionally, the Fifth Amendment doesn’t cover physical acts. For instance, if you’re asked unlock a safe or open a door, the Fifth Amendment doesn’t have your back. This ruling, however, defines decryption something more along the lines of “testimony.” The court’s decision describes it as follows:We hold that the act of Doe’s decryption and production of the contents of the hard drives would sufficiently implicate the Fifth Amendment privilege. We reach this holding by concluding that Doe’s decryption and production of the contents of the drives would be testimonial, not merely a physical act; and the explicit and implicit factual communications associated with the decryption and production are not foregone conclusions.
To further complicate the matter, full disk encryption is a tough nut to crack. Whereas a safe can be cracked or a door broken down (I’ll admit I’m not sure about the legal implications of warranted forced entry) encryption can be practically foolproof. Depending on the strength of your encryption, it might be impossible to crack a password in less than several hundred years, so if a defendant isn’t compelled dole out the key, the data is effectively off the table for lifetime of all parties involved.
As if this wasn’t complicated enough already, there is also already a precedent — two, actually — that say encrypted data is not covered by the Fifth Amendment. Just last month, a defendant in a mortgage scam case was forced to decrypt his laptop after a ruling by a different federal judge. Likewise, a defendant in a 2009 child pornography case in Vermont was compelled to decrypt his drive although in that case, some evidence had already been found on the computer in a section that wasn’t encrypted.The last messy thing about this whole deal is that it’s dealing with child pornography, one of the touchiest subjects relating to cyber-security, and just in general. Pleading the Fifth already carries connotations of guilt, and adding child pornography into the mix makes it really easy to appeal to fear or disgust.
Fifth Amendment cases have a history of being messy, though. After all, those “Miranda Rights” you’ve probably memorized while watching Law and Order? They became law when the Supreme Court reversed the conviction of a man who confessed to kidnapping a raping a woman. Yeah. Not pretty either, although it’s worth noting that Miranda still wound up in jail.All that being said, this issue will probably continue to be hotly debated considering the contradicting precedents and the fact that handing over an encryption password is just ever so slightly different from opening a combination lock if it is even different at all. That’s a distinction that may have to be made by an even higher court a few more years down the line.
0 comments:
Post a Comment