And just like that, all the court decisions made, all the court decisions waiting to be made, and all the constitutional issues are rendered moot.
February 28, 2012:
The case of the Colorado woman ordered to turn over the contents of her hard drive to federal investigators is on hold: at yesterday’s deadline, Ramona Fricosu’s attorney filed a motion with U.S. District Court judge Robert Blackburn asking him to reconsider his order, and Blackburn has given federal prosecutors until March 12 to respond.
February 27, 2012:
Last week, the 10th U.S. Circuit Court of Appeals declined to overturn Judge Blackburn’s ruling ordering Fricosu to turn over the contents of her hard drive, and today is her deadline to do so or face contempt charges. She continues to claim she cannot comply, because she doesn’t know her computer’s decryption code.
February 6, 2012: Suspect, Ordered to Decrypt Her Computer’s Hard Drive, Claims She Forgot Her Password
Did anybody not see this coming? Seriously?
Responding to last month’s ruling that the search warrant ordering her to turn over the contents of her hard drive did not violate her Fifth Amendment rights, and the judge’s refusal Friday (February 3) to suspend the order to give her time to appeal to the 10th U.S. Circuit Court of Appeals, Ramona Fricosu announced today through her attorney that she’s forgotten the password.
She faces contempt charges if she doesn’t turn over the contents of the hard drive by the end of February — but unless the judge or investigators can somehow determine whether she actually did forget the password…
January 24, 2012: Can the Government Force You to Unlock Your Computer? Well, Yes and No…
Ramona Fricosu has won the battle but lost the war: the federal court has ruled that she doesn’t have to reveal her encryption password, but she does have to turn over the unencrypted contents of her computer drive to investigators by February 21 (the complete ruling is here).
She plans to appeal.
(Thanks to John Baker for the update)
January 20, 2012:
You actually have to wonder why this has never made it to a federal court before:
Federal investigators have the right to use a search warrant to seize a suspect’s computer, of course — but if the computer is password protected or encrypted, does the warrant give them the right to force the suspect to “open” the computer for them?
A federal court in Colorado is considering the case of Ramona Fricosu who, along with her ex-husband, has been indicted for bank fraud. The evidence is allegedly in Fricosu’s computer, but the feds can’t get to it.
While they’d have the right under the search warrant to demand Fricosu turn over a physical key, she contends that the information she holds in her head — the code to access the contents of the computer — is covered under the Fifth Amendment: a semantical question James Madison probably never considered when he drew up the Bill of Rights.
The feds insist they don’t want Fricosu to give them the code: they only want her to use the code to unlock the computer’s data for them. It also offered her limited immunity: but it would only apply to the code itself and not to the computer’s contents, which is entirely worthless and clearly intended as an attempt to satisfy the letter of the law.
Which isn’t to say the court won’t rule that it does satisfy the letter of the law.
This article, and all articles on this site, are
© 2012 by Bill Bickel unless otherwise noted.
That’s a hard one. Self-incrimination? But access to the computer has been granted by the court – refusing access is obstruction of justice or contempt of court.
I think the physical key comparison is key (woops) here, there oughtn’t be a legal difference between a physical and a non-physical key. I vote yes, she should be compelled to provide the password.
I like this one because the more you think about it, the LESS sure you are of what the right answer is.
If Fricosu had used a diary with encryption (presumably something more complex than ROT-13), could the court compel her to decode it’s contents? That would involve a “key” which presumably could reside only in her head. I think this comes perilously close to self-incrimination,
If she had a piece of paper with an encrypted message, could she be
required to decrypt it? What if it were merely in a foreign language
that the government didn’t have translators for?
I think these are better analogies than physical keys and locks.
If you have a combination safe, are you required to provide the combination?
Probably not. United States v. Hubbell (2000), explaining why the Fifth Amendment had been violated:
It’s not clear how binding that statement is for this case, though.
This one’s right up my alley… I have both a law degree AND a Master’s in information security.
The parallel situation is that of a combination safe. I don’t know of any precedent, but if there is, that’s probably going to control the outcome.
My own opinion is, no, they can’t compel her to provide the password. I don’t think a search warrant entitles the government to the combination of a safe, either… it’s just that people would rather give up the combination to the safe rather than allow the law enforcement officers to use other methods to open the safe… presumably because the state wouldn’t be liable for damages if the person declined to open a safe when presented with a valid warrant, and they had to crack the safe.
(Despite what you might think, it’s not actually that hard to crack a safe, if given sufficient time and access to the proper equipment. What makes safe-cracking a valuable criminal skill is the ability to crack a safe on location, in a short period of time, quietly.)
You have the right to remain silent. What part of “silent” is difficult to understand? Of course, IINAL.
Anyway, I guess this hasn’t made it to court before because the cops know they can just remove the hard drive from the computer in question, plug it into a cop computer and read its content without password. In this case, the drive itself was most likely encrypted, but most criminals are too dumb or too lazy to do that properly — like most of us are.
The neat thing about modern versions of Windows is that you can set up AUTOMATIC encryption, and there are two different forms of hardware encryption that work if the hard drive is removed from the system or if someone tries to boot the system from a different OS.
I would give them my “special” login name and password. That’s the one that automatically erases the disk. Now who destroyed the evidence? Me or the officer who typed in my special login name and password?
In which case, you’re looking at other charges. The very first thing that the forensic examiners do is to copy the hard drive, then they work off of the copies.
Or use a different “special” login that gives access to everything except a special directory that remain hidden from that login and contains everything that might be incriminating.
The problem I have with the “safe” comparison is that if the suspect refuses to give up the combination, investigators can break in fairly easily — so it’s really a non-issue for the suspect: they get into the safe one way or the other, and the only question is whether they have to damage the safe.
With a password, or encryption code, “entry” could be impossible.
http://xkcd.com/936/
and let’s face it, her password is probably the name of her cat.
First, you have a right to avoid incriminating yourself by testimony; you do not have a right to deprive the court of evidence.
Second, given sufficient time with possession of the computer, it CAN be cracked. One approach is a massively parallel brute force attack… Very expensive, and therefore typically reserved for high-value intelligence rather than banking fraud.
Actually, Bill, they can crack any encryption given enough effort. The analogy to a safe is pretty good.
The right not to incriminate oneself (there is right to be “silent”) doesn’t mean the right to withhold evidence per se. For instance, you may not refuse to state your name. This one seems pretty clear in favor of the prosecution.
If the encryption is good, though, it might take “the age of the universe” to get it decrypted, though.
If they were, indeed, using full-disk encryption, the contents of the disk are most likely encrypted using “triple-DES” with a 112-bit key. The stronger encryption regimes are simply too slow for use on an entire disk. However, even triple-DES is probably too difficult to break by brute force without the help of the NSA.
Note, though, that some (most?) PC laptop disks support password protection of the disk controller itself. If you don’t provide the password, it won’t provide access to the disk. Makes it hard for Abby to make a copy of the disk for analysis purposes. I’ve been told that this is quite secure: the only way around is to break open the enclosure and try to extract the physical disk without damaging it, which is quite hard to do.
-jp
Physically opening and reading the disk is not that hard, per se, it’s just that it has to be done in a clean room environment, which your average computer tech doesn’t have access to. But the FBI does.
Actually, no; decent encryption is beyond the known power of all the computers in the world.
You may not refuse to state your name. That was a 5-4 decision of the Supreme Court (Hiibel v. Sixth Judicial District Court of Nevada), which makes it contented in the first place, and it says “Hiibel’s contention that his conviction violates the Fifth Amendment’s prohibition on self-incrimination fails because disclosure of his name and identity presented no reasonable danger of incrimination. ”
Which makes the extension of this to a case where there is an obvious risk of incrimination a stretch.