The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against an ex-cop who claimed he couldn't remember the password to decrypt his computer's hard drives.
In so doing, the appeals court in Philadelphia avoided addressing a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination.
In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant – referred to in court documents as "John Doe" because his case is partially under seal – in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer.
The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus were seized as part of a child pornography investigation. The bloke is understood to be Francis Rawls, a former police sergeant who has been held in jail without charge for the past 17 months because he has not handed over his Filevault encryption passwords.
"Doe voluntarily provided the password for the Apple iPhone 5S, but refused to provide the passwords to decrypt the Apple Mac Pro computer or the external hard drives," the appeals court ruling states. "Despite Doe’s refusal, forensic analysts discovered the password to decrypt the Mac Pro Computer, but could not decrypt the external hard drives."
Forensic examination of the computer indicated that the device had been used to visit known child exploitation sites and to download thousands of files with the same hash values as known child pornography files.
The files themselves, however, were not present on the computer. They are assumed to be stored on the external encrypted hard drives.
Authorities in Delaware investigating the case already had a sense of the contents of the drives because, according to court documents, the defendant's sister had told police investigators "that Doe had shown her hundreds of images of child pornography on the encrypted external hard drives."
Further interaction with authorities led the defendant to provide access to his iPhone 6 Plus, but not to an encrypted application on the phone that contained over 2,000 images and videos.
In August, 2015, the judge hearing the case issued "an order pursuant to the All Writs Act requiring Doe to produce his iPhone 6 Plus, his Mac Pro computer, and his two attached external hard drives in a fully unencrypted state."
The defendant subsequently unlocked the images on the iPhone 6 Plus, which contained adult pornography and images of the defendant's four- and six-year-old nieces in underwear.
'Entered several incorrect passwords'
"Doe, however, stated that he could not remember the passwords necessary to decrypt the hard drives and entered several incorrect passwords during the forensic examination," the appeals court's ruling says.
The Magistrate Judge hearing the initial case, however, did not believe the defendant's claim. The judge "found that Doe remembered the passwords needed to decrypt the hard drives but chose not to reveal them because of the devices' contents."
The appeals court found that forcing the defendant to reveal passwords was not testimonial in this instance because the government already had a sense of what it would find.
Courts currently distinguish between acts of production – being compelled to reveal evidence – and acts of testimony – being compelled to reveal information in the mind – except where the testimony would not provide new information. In some courts at least, this distinction allows courts to demand a fingerprint to unlock a device but not to demand a password.
In a phone interview with The Register, Mark Rumold, senior staff attorney at the Electronic Frontier Foundation – which filed an amicus brief in this case arguing against compelled password production – said the ruling was disappointing but not entirely surprising and noted that the EFF's position is that individuals should not be compelled to provide passwords.
"Any time suspects are forced to disclose the contents of their mind, that's enough to trigger the Fifth Amendment, end of story," said Rumold.
Others take issue with the idea that technology might be allowed to trump legal process. In a 2015 California Law Review article arguing that forced decryption is necessary to balance individual rights and government power, Dan Terzian, presently an associate at Duane Morris LLP, argues that the EFF's view is too expansive.
"Scores of companies now encrypt their data," Terzian wrote. "In the EFF’s alternate universe, these companies are effectively immune from discovery and subpoenas."
Rumold said the the Third Circuit has adopted a test accepted by the Eleventh Circuit that hinges upon how much the government already knows. He said he expects the Supreme Court will ultimately have to weigh in on the issue, adding he wouldn't be surprised if this case seeks Supreme Court review. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks