United States v. Boucher, “Man can’t be forced to divulge encryption passphrase”
In a recent thread on Slashdot about a proposed new U.S. policy that would allow the government access to any email, there was a post that linked to this news.com entry.
In short, a Canadian citizen, legal resident of the US, was coming across the border when agents asked to look at his laptop. They visually saw what appeared to be child pornography on the machine. The laptop was taken and put into evidence. When they attempted to boot the machine again at a later date to re-examine the location where the child pornography was seen, the drive was encrypted and required a password to gain entry.
The courts tried to compel the man to divulge his encryption password, but he refused. A subpoena was issued asking that he turn over his password, and he declined, citing that it would violate his 5th Amendment right against self-incrimination.
From the article, the prosecutor tried one tactic, which failed:
“This debate has been one of analogy and metaphor. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key.”
This leads to an interesting quagmire…
“The courts likely will find that compelling someone to reveal the steps necessary to decrypt a PGP-encrypted document violates the Fifth Amendment privilege against compulsory self-incrimination.
Because most users protect their private keys by memorizing passwords to them and not writing them down, access to encrypted documents would almost definitely require an individual to disclose the contents of his mind. This bars the state from compelling its production.
This would force law enforcement officials to grant some form of immunity to the owners of these documents to gain access to them.”
It brings up quite a few interesting points of view. I personally am a STRONG advocate of encryption and I will never hand over my encryption keys anyway.
In a world where telecommunications companies have no problem breaking the law, handing private information over to the government and then asking for retroactive immunity… it isn’t only beneficial to encrypt your communications, it is NECESSARY!