Forgot your password?
typodupeerror
Encryption The Courts

Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data 560

Posted by Unknown Lamer
from the wrench-helps dept.
Trailrunner7 (1100399) writes ... Security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones, and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops. The case centers on a lawyer who was arrested in 2009 for allegedly participating in a mortgage fraud scheme. The defendant, Leon I. Gelfgatt, admitted to Massachusetts state police that he had done work with a company called Baylor Holdings and that he encrypted his communications and the hard drives of all of his computers. He said that he could decrypt the computers seized from his home, but refused to do so. The MJSC, the highest court in Massachusetts, was considering the question of whether the act of entering the password to decrypt the contents of a computer was an act of self-incrimination, thereby violating Gelfgatt's Fifth Amendment rights. The ruling.
This discussion has been archived. No new comments can be posted.

Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data

Comments Filter:
  • by pjh3000 (583652) * on Thursday June 26, 2014 @12:06PM (#47325109)
    I lost the password in a hard drive crash.
    • by pjh3000 (583652) * on Thursday June 26, 2014 @12:07PM (#47325127)
      ... the hard drive was recycled.
    • by Anonymous Coward on Thursday June 26, 2014 @12:15PM (#47325205)

      if it's good enough for the IRS....

    • He already admitted he could decrypt it. So not really an issue here.
      • by TheCarp (96830) <sjc&carpanet,net> on Thursday June 26, 2014 @02:24PM (#47326575) Homepage

        Not only that either.... he admitted not only that he COULD but, that the communications that they were looking for were, indeed in those encrypted volumes.

        As I understand, previous arguments and rulings have centered upon the idea that decrypting data would potentially give away information that the police didn't have already: like that you have the key and are associated with the contents.

        If the police find a USB key in my drawer, and I refuse to talk about it, they only know that I posessed it. They don't know whats on it...or that I actually know whats on it. For all they really know, it could be an empty encrypted parition that I setup and lost the key to (yes, I have done this a coupel of times), it could even be a drive someone asked me to hold onto.

        OTOH if I give them that information, then they can connect me directly with the unencrypted data, this makes a good amount of sense in that case.

      • He just needs to tell them that the passphrase he uses contains a confession to a crime. Then, he could not divluge his password without confessing to a crime, which he cannot be compelled to do.
    • by sycodon (149926) on Thursday June 26, 2014 @12:31PM (#47325401)

      Can they compel you to unlock a safe? A safe Deposit box? While authorities can get into these without your help, what if they couldn't?

      Electronic information is directly analogous to paper. Information is information regardless of how its stored.

      • by jythie (914043) on Thursday June 26, 2014 @12:34PM (#47325441)
        They can indeed compel you to unlock a safe, just like they can compel one to hand over documents during discovery.
        • by grahamm (8844) <gmurray@webwayone.co.uk> on Thursday June 26, 2014 @12:52PM (#47325639) Homepage

          But having opened the safe, can they force you to 'decode' the entries on a paper document which are written in a code or cipher? If not, then they should not be able to force you to decrypt an electronic document which is written in 'code'.

        • They can indeed compel you to unlock a safe, just like they can compel one to hand over documents during discovery.

          Not if it has a combination lock. Under some circumstances, that is.

          See, a lot of people here aren't getting what this is about. The 5th Amendment, and how it works.

          You cannot be compelled to produce knowledge -- "a product of the mind", as the courts put it -- if that could incriminate you. That includes an encryption key or a safe combination.

          But what many people don't seem to get here, and what many people find strange, is that this only holds if the contents are unknown. If the contents are alr

      • by mythosaz (572040)

        This is, essentially, the crux of the issue - are encrypted records and passwords the analog of combination locks on safes?

  • I mean, all you have to say is that you lost the actual key and cannot comply.

    • by spacepimp (664856)

      Sure, but lying is perjury. He shouldn't be compelled to incriminate himself according to the fifth amendment.

    • I mean, all you have to say is that you lost the actual key and cannot comply.

      Didn't work for Calvin. It won't work for you.

      The lie ends in a citation for contempt and a stay in a Ricker's Island holding cell until your memory improves, or hell freezes over, whichever comes first.

  • Lois Lerner Method (Score:5, Insightful)

    by bhlowe (1803290) on Thursday June 26, 2014 @12:08PM (#47325135)
    Take the 5th and say your computer crashed. That works for the IRS.
    • Re: (Score:2, Insightful)

      by gstoddart (321705)

      You don't get to take the 5th, apparently. The cops have the computer in their possession.

      So, they will detain you until you provide the information they require to convict you.

      But if they have to, they'll convict you of failing to provide the information they need to convict you, and then continue to detain you.

      "Ense petit placidam sub libertate quietem " (By the sword we seek peace, but peace only under liberty)

      Except when we don't.

      Papers please, comrade. Cooperation is mandatory.

  • by Joe Gillian (3683399) on Thursday June 26, 2014 @12:13PM (#47325185)

    If you read the ruling, the court admits that the only reason they said the defendant could be compelled to decrypt his data was because he had already admitted to the police that he was involved in the case, and that the details of his involvement were on the hard drive. I'm sure if he had kept silent the entire time and told them nothing, it would've been a different story.

    • by rahvin112 (446269) on Thursday June 26, 2014 @12:19PM (#47325251)

      You would think a lawyer would know better than to talk to the police.

    • by Nyder (754090)

      If you read the ruling, the court admits that the only reason they said the defendant could be compelled to decrypt his data was because he had already admitted to the police that he was involved in the case, and that the details of his involvement were on the hard drive. I'm sure if he had kept silent the entire time and told them nothing, it would've been a different story.

      I don't agree. Even if he admitted he as involved, giving up any evidence of his involvement is self-incrimination. They don't know how much he was involved and his evidence would show that. Obviously if he gives it to them, it will show exactly what he was doing, thus proving he was guilty, which would be self-incrimination if he gives it.

      They need to prove he broke the law with other evidence, then what he has encrypted, because legally, they aren't allowed to have him give up the info.

    • I haven't RTFR but while yes he's said he's involved, I wouldn't expect he'd have to tell them WHAT his involvement was...that's the prosecutions job.

      The ruling (from accounts) seems to be separating the providing of the password from the contents of the drive - which is an unreasonable search. If they already know what he's done from what he's said, they could easily give him immunity for anything else found on the drive except what backs up what he's already said - then there's no 5th violation.

      Als
  • Next stop, SCOTUS and get new lawyers if they don't want to take you there.

  • Important Caveat (Score:5, Informative)

    by Rary (566291) on Thursday June 26, 2014 @12:20PM (#47325265)

    Haven't read the entire ruling, only scanned it, but there is an important caveat in it:

    We now conclude that the answer to the reported question is, "Yes, where the defendant's compelled decryption would not communicate facts of a testimonial nature to the Commonwealth beyond what the defendant already had admitted to investigators."

    Seems like this guy has said "I did this, this, and this, and these files show that, but I don't want to let you see them", and the Court has ruled that he has to, because he's already admitted to those things, and therefore he would not be incriminating himself in doing so.

    Of course, the reality may be that there's evidence of further illegal activities that he hasn't admitted to in the encrypted files. That might make the case for self-incrimination. I'd have to read the full ruling to see what, if anything, they said about that possibility.

    • Of course, the reality may be that there's evidence of further illegal activities that he hasn't admitted to in the encrypted files. That might make the case for self-incrimination.

      But in making such an argument, wouldn't he then be admitting them, thus invalidating the case for self-incrimination? Sure, it's a catch-22 (and therefore should not be true), but the judicial system doesn't seem to care about that anymore...

    • by Rary (566291)

      Just doing a little digging into the details of the 5th Amendment in practice, and found this interesting tidbit:

      The Court acknowledged that it is well established that a witness, in a single proceeding, may not testify voluntarily about a subject and then invoke the Privilege against Self-Incrimination when questioned about the details.

      That could very well apply in this case, so that even if there is additional evidence in the files beyond what he has admitted to, the moment he started admitting to some of it, he effectively waived his self-incrimination right.

  • by Anonymous Coward on Thursday June 26, 2014 @12:21PM (#47325273)

    This is why you don't talk to the cops, especially if you find yourself in the fortunate situation of having illegally acquired 13 million dollars and encrypted all of the evidence. If you say nothing to the cops, you win. The only way you lose is if you brag to them about how awesome a job you did at getting away with the crime.

    The people up here who are saying "tell them you lost the key" "tell them it was scrambled not encrypted, etc" are all idiots. Lying to the cops is a crime. Telling them nothing is the superior response.

    Cop executing search warrant: "it's asking for a password"
    Def: "I want a lawyer, I'm not talking to you"
    Cop: "You encrypted it, didn't you?"
    Def: "lawyer lawyer lawyer"
    Cop: "We'll just get a warrant anyway and you'll go to jail. Help us help you."
    Def: "did't you hear me? I want a lawyer"

    That being said, I'm in FL so I'm covered by the 11th circuit ruling. Either way, silence is golden. I'd say that at least 30 percent of my cases would have turned out much better if clients hadn't consented to searches, admitted to elements of crimes or just generally blabbed when they should have remained silent.

    • by Svartalf (2997)

      Precisely. There's several copies of a prominent law professor's lecture on the subject and spells out PRECISELY why you don't do things like that.

      https://www.youtube.com/watch?... [youtube.com]

      Now, the burning question would be, "how did they get access to his encrypted system files?"- without a warrant, they're just as screwed in light of the recent Supreme Court rulings. You need a warrant for those things- and you need to state you're looking for a specific on them before they can legitimately reach the conclusion

  • Would it be possible to have a system where you have a second key that "decrypts" to an empty drive? I don't see how they could prove that you used your primary or fake key.
    • In fact, there are multiple ways of handling schemes such as that. Different passwords may decrypt to partitions that are empty, only contain your benign data, only contain your incriminating data, or may erase everything. Decrypting a partition that is empty or erasing everything is a pretty obvious ploy, but if you actually keep your benign data on a partition separate from the incriminating data, it'd be a lot harder for them to prove anything.

  • He'll have to call their bluff by not providing the password, and they'll probably hold him for contempt. Then there will be a public opinion campaign to have him released.

  • by Quantus347 (1220456) on Thursday June 26, 2014 @12:32PM (#47325409)
    I get the legalese argument the guy as trying to make and the narrow line they tried to draw with the ruling, but Im not sure why it even got past the original judge.

    If it had been the exact same situation, just a combination lock on on physical file cabinet in his office, once a proper court subpena was issued Law Enforcement might have asked for the combination as a courtesy but would have been perfectly within their rights to simply cut the thing open. And if they found evidence of some unrelated crime, that is long been fair game just like a drug bust during a traffic stop.

    Maybe it's different by State, I dont know
    • by JeffOwl (2858633)

      The difference is that a locked file cabinet is trivial to circumvent without the cooperation of the key or combination holder. Once they had the warrant the police wouldn't bother with the courts, they would hire a locksmith or some other such expert to break open the cabinet or safe. Apparently the encryption on the hard drive in this case is much more difficult if not impossible for anyone at the state level to break it within a reasonable time period. So to avoid waiting 5 years and spending lots of

    • by Arker (91948)
      "If it had been the exact same situation, just a combination lock on on physical file cabinet in his office, once a proper court subpena was issued Law Enforcement might have asked for the combination as a courtesy but would have been perfectly within their rights to simply cut the thing open."

      The only difference appears to be that the LE agency involved purports to be incapable of 'cutting the lock.'

      Well that and the unwise statements made to police by the defendant voluntarily. It would be interesting if
      • by AK Marc (707885)
        He confirmed he had relevant documents. They could have subpoenaed the records, rather than the key.

        It would be interesting if a similar case could be constructed with an un-cuttable physical lock, but of course such things do not exist...

        They do, if you have a sufficiently booby-trapped safe. If broken open, it destroys the contents.

    • Breaking the lock only requires reasonable cause. Compelling the defendant to provide the security code introduces the fifth amendment question. Breaking encryption takes time and money that the state would rather spend elsewhere.
  • Has anybody else been compelled to give up a physical key or did they just get a warrant and use a locksmith? Seems this is the digital equivalent but the state is bitching that since the locksmith is to expensive and takes to much time so they need different rules.

    • Not quite, but you are making a good point. According to The Ruling the only reason the motion was filed and this issue came at all up was because the guy happened to have used a particularly effective encryption software that the State was unable to circumvent. But they tried and would have been perfectly allowed to use any of the information found had they succeeded. Which is like saying that the 5th amendment would protect the contents of my safe, but only if I can afford a top-of-the-line one.
    • by mbone (558574)

      A better analog might be, suppose someone said in testimony

      I buried all my documents in a box out in the desert.

      Could they then be compelled to provide the location if police searches turned up a blank? Seems like they could.

      Of course, if you are willing to go to jail and wait it out, the "compulsion" is never forever, Seems like that might depend on just what's in those documents.

  • by MikeRT (947531) on Thursday June 26, 2014 @12:33PM (#47325425) Homepage

    I think the correct response here would be to say that you can plead the 5th on the question of whether you can decrypt it or not, and if you claim the 5th compulsion is illegal. However, once you make an affirmative statement you waive the right to not be compelled. In terms of a key, it would be like if you had an almost impenetrable door that used a single key. The police ask you if you are in possession of said key while they have a valid warrant. You say yes, which means they have a right to compel you to hand over the key per the valid warrant. However if you shrug and plead the 5th it should not be on you at that point.

  • This case illustrates why it's so important to have something like the recently-shut down TrueCrypt project out there. If prosecutors can't prove the existence of an encrypted volume, they can't keep you in jail for not giving up the keys for something which might not exist.

Never say you know a man until you have divided an inheritance with him.

Working...