Can the government compel you to provide your computer password if they think there is illicit material stored in an encrypted part of the hard drive? If there was ever a case when it seemed like the Constitution was no match for modern technology, this might be it. In the last few years, a number of cases have arisen wherein criminal defendants were subpoenaed to produce either their password to or the unencrypted contents of a computer hard drive. The Constitutional question that arises is whether this order to produce information would compel the defendant to incriminate herself by implicating her knowledge and possession of the information by providing the password. If the government already has reason to know that there is information to be obtained on a computer, the court can simply issue a warrant for documents that already exist, regardless of where they are located. The former is protected by the 5th Amendment, the latter is permitted under the 4th Amendment. It can sometimes be difficult to determine exactly what is being asked of a defendant. That makes it important to understand the distinctions.
I first read about this issue in a story about U.S. v. Fricosu in Wired Magazine back in January. Since then, the court issued its ruling ordering the defendant to produce the password. The court based its decision on a case that took place back in 2009. There they compared the act of encrypting a computer’s hard drive with putting documents in a safe:
Placing papers in a safe cannot lawfully preclude a grand
jury from reading them any more than filing them in an unlocked
cabinet or saving them on a digital storage device.
In re Grand Jury Subpoena Duces Tecum Dated Oct. 29, 1992, 1 F.3d 87, 93 (2nd Cir. 1993). Although the legal conclusion was upheld on appeal and the Supreme Court declined certiorari, the difference between hidden files and merely encrypted files is actually important. It’s a rather complicated difference, one that is much better explained in this well-researched and very insightful law review note by Nathan McGregor (PDF) in the Vanderbilt Journal of Entertainment and Technology Law. McGregor teases apart the distinction that courts wrestle with in these cases by delving into the nature of encryption itself. Analogizing an encrypted document to one put in a wall safe is not quite accurate, he argues, because encryption does more than just hide the file from view–it transforms the file into a form that is still viewable but essentially meaningless without the decryption code. Thus the analogy of a safe should be replaced with that of a document fed through a shredder.
The document has always existed, though the message had been temporarily
garbled in its encrypted state. That the defendant, rather than the government,
can quickly obtain a readable version of the document should not render it
immune from subpoena.
McGregor at 605. If the document can be reconstructed by simply entering a password, there is no protection if the government has reason to know its contents and the issues of possession and authentication can be resolved through other methods. This means that neither the 4th nor 5th Amendments apply if authorities can show that the defendant had exclusive possession of the computer and that the encrypted files likely belonged to her.
It is important to note, however that for the average person on the street, a police officer cannot simply stop you and demand the password for your phone or laptop. The law, at least as it stands now, does not allow the government to demand access to your files merely so it can look to see if there are incriminating documents stored within it. That would violate more than three centuries of legal protections that predate the Revolution. The so-called “private papers” doctrine began in England with the case of Entick v. Carrington (95 Eng. Rep. 807 (K.B.)) in 1765 . Rather than bore you with the specifics, what it boils down to can readily be traced to the 4th Amendment’s protections against warrantless searches and seizures. The government must have a valid reason before it can demand access to your stuff, regardless of whether it is contraband hidden in a wall safe or stored behind 128-bit encryption.