I found this link today regarding the case of a woman, Ramona Fricosu, in Colorado. Apparently she and others were allegedly involved real estate fraud ring of some sort - information about which was supposedly stored on a particular hard drive on a laptop she possessed.
The woman was arrested and the laptop seized based on a wiretap.
After seizing the laptop authorities discovered that the files on the laptop were encrypted at which point they demanded (or attempted to force) the woman enter her password in order to decrypt them.
Fricosu claims that this act, of entering the password, is the equivalent of incriminating herself and is therefore protected by the US Constitution's Fifth Amendment (see underlined portion): "No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
The Electronic Frontier Foundation posted this link to a brief they filed in the case.
Their claim is that this is a clear Fifth Amendment violation.
I agree that this should be the case - and the implications of it are quite fascinating...
For example, does what I do at, say amazon.com, get "protected" because the site requires a password from me to access? Clearly there is the implication by amazon that using the site with a password is for my protection and privacy.
Then there is the following: Though the data at amazon is password protected portions, let's say my "recommended list" for example, might not be - but access to them is controlled by the password.
By extension would this "recommended list" be in some way protected by the Fifth Amendment because its access is limited by my password, or put another way, does my mere belief by me that the password protects my amazon information (which authorities might compel amazon to release without my permission) some how grant "constitutional protection" to what's behind the password.
In the past the Supreme Court has found that a password is like the combination to a safe and unlike the key to a safety deposit box - the difference being the key exists in the physical world and the password or combination exists in the defendants mind. Further they found that forcing the defendant to compel the password demonstrates that the defendant in fact knew the password (which was not necessarily a foregone conclusion) and that it also links the defendant to the device requiring the password (again not necessarily a foregone conclusion).
There is, however, an exception - when the surrender of the password to access encrypted information is merely a foregone conclusion, i.e., the evidence so insurmountable against the defendant that disclosing the password would not change the state of the case against the defendant. So, for example, if the government had other evidence (which it does not in this case), say an email, indicating that on "such and such a laptop X exists" there might be reason to compel the defendant to disclose the password.
I think this is a very interesting case that will take a long time to resolve.
At its core the issue is the protection of what's in someone's mind and encryption is a game changer in that respect because there is no means to circumvent it - unlike a safe which could be cut open.
In 1991 PGP (Pretty Good Privacy) became available (a public key encryption system) - it was at the time considered a "munition" by the US government - and its creator, Philip Zimmerman was pursued by the government for several years because of it. Ultimately though he was exonerated.
Why was it considered a "munition"? Because governments do not like citizens to possess things they cannot access - rightly or wrongly. PGP is basically unbreakable encryption so, in the case of Fricosu, the government cannot "crack open the safe" if Fricosu doesn't give up the password.
With the power of today's computers virtually everything from text messages to Skype to email and beyond could be protected in this way.
No comments:
Post a Comment