Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data 560
Trailrunner7 (1100399) writes ... Security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones, and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops. The case centers on a lawyer who was arrested in 2009 for allegedly participating in a mortgage fraud scheme. The defendant, Leon I. Gelfgatt, admitted to Massachusetts state police that he had done work with a company called Baylor Holdings and that he encrypted his communications and the hard drives of all of his computers. He said that he could decrypt the computers seized from his home, but refused to do so. The MJSC, the highest court in Massachusetts, was considering the question of whether the act of entering the password to decrypt the contents of a computer was an act of self-incrimination, thereby violating Gelfgatt's Fifth Amendment rights.
The ruling.
Lois Lerner Method (Score:5, Insightful)
I lost the password (Score:5, Insightful)
if it's good enough for the IRS....
Re:WTF? How is this not self incrimination? (Score:4, Insightful)
It's not self-incrimination in the same way that the intersate commerce clause gives the Federal government the power to regulate absolutlely anything that might have any impact on interstate commerce even if it never leaves your house.
That is, it's clearly a blatant violation of the Constitution, to everyone but lawyers.
Re:Lois Lerner Method (Score:2, Insightful)
You don't get to take the 5th, apparently. The cops have the computer in their possession.
So, they will detain you until you provide the information they require to convict you.
But if they have to, they'll convict you of failing to provide the information they need to convict you, and then continue to detain you.
"Ense petit placidam sub libertate quietem " (By the sword we seek peace, but peace only under liberty)
Except when we don't.
Papers please, comrade. Cooperation is mandatory.
Re:The relevant part (Score:4, Insightful)
So if he had not admitted anything already and had refused to decrypt, the ruling may have been different.
That is irrelevant. The question at hand is whether or not the Government can force you to provide evidence against yourself in a criminal case. Now I'm just a stupid immigrant, but my understanding from the 5th Amendment is that nobody "hall be compelled in any criminal case to be a witness against himself". I don't care how much the police think they know. If they need his harddrive, their case is not solid and the suspect should not be required to provide incriminating evidence.
Being forced to provide evidence against yourself pretty makes it the Soviet Republic of Massachusetts.
Re:I lost the password (Score:4, Insightful)
Can they compel you to unlock a safe? A safe Deposit box? While authorities can get into these without your help, what if they couldn't?
Electronic information is directly analogous to paper. Information is information regardless of how its stored.
Digital vs Physical (Score:5, Insightful)
If it had been the exact same situation, just a combination lock on on physical file cabinet in his office, once a proper court subpena was issued Law Enforcement might have asked for the combination as a courtesy but would have been perfectly within their rights to simply cut the thing open. And if they found evidence of some unrelated crime, that is long been fair game just like a drug bust during a traffic stop.
Maybe it's different by State, I dont know
Comment removed (Score:5, Insightful)
Re:Except, of course, they have to prove you can (Score:5, Insightful)
As an accused boot-licking pro-establishment government-and-big-business shill, I agree.
As a relatively sane individual who tends to think for myself, I also agree.
As someone with passing familiarity with 4th-amendment case law, I also agree.
This guy was a first-class idiot. An encrypted hard drive is little different from a locked safe. A court can order you to open it to reveal evidence, but the police need sufficient probable cause to convince a judge to issue that order. Saying "All the evidence is in there and I have the key" is pretty convincing probable cause that there's important relevant evidence in the safe (or disk). Saying nothing is a good way (and the only really safe way, as far as I know) to ensure that you're not giving the cops any additional assistance in proving your guilt.
Re:I lost the password (Score:5, Insightful)
But having opened the safe, can they force you to 'decode' the entries on a paper document which are written in a code or cipher? If not, then they should not be able to force you to decrypt an electronic document which is written in 'code'.
Re:I lost the password (Score:5, Insightful)
Re:Except, of course, they have to prove you can (Score:5, Insightful)
He should have remained silent. Being a lawyer he should have known that.
He must be a pretty shite lawyer. (Hopefully he isn't a criminal defense lawyer, because then he really IS a shite lawyer.)
FTFA:
“During his postarrest interview with State police Trooper Patrick M. Johnson, the defendant stated ... ‘[e]verything is encrypted and no one is going to get to it.’ The defendant acknowledged that he was able to perform decryption.”
What a dumb-bumble-fark. He deserves to burn for bragging/taunting the cops.
Rules for Talking to Cops
Re:Except, of course, they have to prove you can (Score:3, Insightful)
An encrypted hard drive is entirely unlike a locked safe. It is much more like a notebook kept in a private code: if I write "June 26: red green Q 17 x-ray romeo eagle" in my journal, the state has no rightful authority to compel me to tell them what that means to me.
Re:Lois Lerner Method (Score:4, Insightful)
Except that thats not the ruling, and in your rush to karma-whore you apparently did not read the story. The reality is more nuanced than that, but of course reality gets fewer insightful votes than regurgitating nonsense about authoritarianism.
Re:I lost the password (Score:2, Insightful)
That's an incredibly stupid idea. You might as well make the password a six digit numeric, because that's about how long it will take a computer to go through every .dll on a standard Windows installation looking to see if one is the keyfile.
Re:I lost the password (Score:2, Insightful)
Not to mention that the entire witch hunt for IRS 'discrimination against right-wing groups' is a bogus, political sideshow. And beyond that, not to mention that *all* of these political groups shouldn't be tax-exempt - or certainly not in the way that allows their donors to be anonymous.
It never ceases to amaze me that presumably smart Slashdotters are so quick to subscribe to conspiracy theories (cue smarmy response about how non 'presumably smart' I am). And that they embrace nonsense just because they think they're libertarians and the issue at hand falls on the libertarian side of an issue. The wholesale compromise of U.S. democracy in favor of big cash contributions is a tragedy - for liberals, conservatives and libertarians alike. But the media love it. Ad sales spike like crazy around elections, and for TV stations, election season is probably what Christmas season has long been for retailers - a few months, without which they would operate in the red...
Re:I lost the password (Score:4, Insightful)
Re:Same lie, two people, different outcome (Score:5, Insightful)
> You saying "I lost the data" is equivalent to saying "My whole life is a lie and I don't actually know how to do any
> of the things I always talk about." Bullshit. You didn't lose the data.
Funny you would say that because.... you know I have a bunch of encrypted partitions, some of which I actually can't open. Some of it is encrypted with keys that I deleted because they were not needed. For example I have one particular one I can't open, because I never saved the key....it was only a temporary place to pull some data off encrypted tape to search for something.... after I no longer needed it, I just unmounted it. At the time I meant to go back and look for more, I never did, then I forgot the key....big deal....I have the tape still.
Course, I could never prove to anyone else that the data in there is the same as is on the tape....but.... frankly, that wasn't one of my concerns when i created it....I just didn't want to write it all to unencrypted disk and leave it sitting there.
I also have a few emails encrypted to my pgp key from the 90s. I can't seem top decrypt my key even though I thought i remembered the password. I only keep it around because someday I might guess right and there would be some minor use to having it.
Guess my whole life is a lie because I lost some data. I better go resign my day job right now!
Re:I lost the password (Score:4, Insightful)
BUT it does raise a perhaps more important question...
IANAL, but I believe the IRS can audit you after up to 6 years. Bearing this in mind, and the fact that I think it is highly unlikely that they would accept the excuse of "I only have a 6-month retention policy on my receipts" as sufficient to allow you to get away without providing the relevant documentation, it does lead me to wonder... If they are forcing and enforcing long retention policies on those that they serve, why do they get away with only having to accommodate a twelfth of the retention period themselves?
Re: known data isn't there (Score:4, Insightful)
All this is making me start to think of some kind of more clever "panic mode" encryption.
You'd have to make it really fast, such that it's reg proto-encrypted two ways, one normal, and the panic mode. So say something really fast like shift-control-alt-F11 instantly flips the "panic bit".
We as geeks could put all kinds of awesome stuff into it, smashed into a kind of digital Klein Bottle with milk for Schrodinger's cat.
"Do you know how to decrypt it?" "No" "Why not?" "Because it's time-locked with a code that cannot be found until next September." "Do you know what documents are on there?" "The ones you are looking for are not there because they were broken into component parts that only the computer knows, tied to a code that September code. Meanwhile other documents you did not know were there, are there, because they were created by algorithms the moment I hit the Panic Button and not a moment before. And the base of the September key is an English phrase which may or may not admit a crime. You don't know." "So what if the case is dismissed?" "I can do other work until September. What's important is that it cannot be broken right now."
In my opinion, that likely wouldn't work. Contrary to what you might see on TV or in movies, courts are not generally impressed by technicalities or deliberately unproductive cleverness. Consider the recent Supreme Court ruling against Aereo. The Court was entirely unmoved by the technical argument that the way Aereo implements their service is "basically like" individuals using antennas. They ruled that *overall* Aereo was obviously acting as a rebroadcaster, by taking in broadcast signals and sending them live to a large number of customers and charging for that. The notion that they don't charge for the broadcast, just the rent for the antenna was similarly unconvincing to the Court. Courts tend to look at net results, and less the technical path to achieve it. In this case, a court would rule that a) you've just admitted the system contains information related to the government investigation, b) you created the system being used to obfuscate and hide that information, and c) even though you've made it difficult or impossible to produce that information at this time, you can be compelled to do so at the earliest possible moment the system physically allows, and d) the fact that you appear to have deliberately done all of this in a deliberate attempt to thwart law enforcement with full knowledge of the legal consequences can subject you to an obstruction of justice charge.
Most judges and most courts do not consider the law to be a game that people can attempt to create exploits for. Exploiting loopholes in the law is one thing: doing so with an obvious willful intent to subvert the court tends to be looked upon extremely unfavorably. Judges have significant latitude to deal with people they think are trying to do that.
Re:I lost the password (Score:4, Insightful)
It's worth noting that the EPA also has a recent history of remarkably convenient hard drive crashes affecting an ongoing investigation.
Sarbanes-Oxley made it very clear that this shit doesn't fly for companies. You produce the records, or you get serious legal punishment (one of the few corporate cries that can land the CEO in jail, in extreme cases). No excuses accepted.
Why doesn't the government impose the same standard on itself? Yes, that was a rhetorical question.