Monday, March 02, 2009

Fifth Amendment Doesn't Apply To Passwords

The Fifth Amendment and the right against self-incrimination has often been used to refuse to answer questions and until now that protection against self-incrimination has been extended to password protection on computers. That is until recently when federal district court Judge William Sessions in Vermont overturned a previous ruling that would have allowed a defendant to refuse to enter his password to decrypt his laptop hard drive.

Norton 360The case against Sebastien Boucher involved a laptop seized by US Immigrations officers when Boucher attempted to return to the US in 2006. Upon investigation the laptop was found to be containing several thousand files and images that allegedly contained chid pornography. Once the laptop was seized it was shut-down at which time the drives encryption PGP (pretty good privacy) turned on locking down the drive requiring a password to get in.

Prosecutors in the case had been seeking a subpoena ordering Boucher to provide the password that would allow them access to the drive. In the original ruling United States Magistrate Judge Jerome Niedermeier dismissed the prosecutions request on the grounds that entering or providing the password was "testimonial" and therefore was entitled to Fifth Amendment protection, even though the data on the drive itself doesn't hold the same protection.

On February 19 Judge Sessions over ruled that previous ruling. Stating that the existence and location of the documents are known to the government, therefore “no constitutional rights are touched,” because these matters are a “foregone conclusion.”

Since Boucher accessed the drive of his laptop at the request of the agent's and they were originally allowed to view the contents of some of the files, the government was able to ascertain that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the drive and its files. So the judge ruled that providing access the a second time to the unencrypted drive “adds little or nothing to the sum total of the Government's information” about the existence and location of files that may contain incriminating information.

Effectively the judge has said that because the government was shown the files that were on the drive and Boucher allowed agents to view the contents the first time around he could not use the protections under the Fifth Amendment. Had he not allowed them to view the drive the first time around he "might" have been able to "plead the fifth." However because he willing gave them access he gave up his rights.

For more on the case as well as a few PDF files showing the content of the ruling checkout this great article at Ars Technica: Court: self-incrimination privilege won't protect password

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you