Browse Day: March 14, 2017

Man Spends 16 Months and Counting In Jail for Refusing to Turn Over Encryption Keys

Interesting ArsTechnica report on Francis Rawls, an ex-cop who has spent 16 months in jail without being convicted of any crime.

Police think there is child pornography on two encrypted hard drives they seized from Rawls. So far, though, Rawls has refused to divulge the encryption keys to the hard drives and has been in jail since September 30, 2015 for contempt of court (100kb PDF).

Mr. Rawls will be incarcerated indefinitely until he agrees to comply with and actually does comply with the August 27th Order.4 To be clear, Mr. Rawls’ incarceration is imposed to coerce his future compliance with the August 27th Order, and is NOT imposed to punish him for his past failures to comply. As soon as Mr. Rawls notifies the Court that he is prepared to fully comply with the August 27th Order, arrangements will be made to transport Mr. Rawls to an appropriate location in Delaware County so that he may effectuate his compliance by producing the Hideaway Cloud and Thundercloud external hard drives in a fully unencrypted state. As soon as the Court is notified that Mr. Rawls has complied with the terms of the August 27th Order, Mr. Rawls’ contemptrelated incarceration will be terminated.

As ArsTechnica notes, one of the reasons Rawls has been in jail so long is that US courts have not yet definitively decided whether divulging encryption keys is effectively asking a defendant to testify against himself.

The reason why Rawls is idling behind bars without charges is twofold: first, the nation’s appellate courts have no deadlines on when they must issue an opinion. And second, the Supreme Court has never addressed the compelled decryption issue.

The Supreme Court in 2000, however, ruled that demanding too much assistance from a suspect is unconstitutional because it would be akin to “telling an inquisitor the combination of a wall safe.” However, the closest federal appellate case on point was decided by the 10th US Circuit Court of Appeals in 2012. That court, based in Denver, said a bank-fraud defendant must decrypt her laptop. But that ruling wasn’t enforced because prosecutors obtained the password elsewhere.

At issue in the decryption battle is the Fifth Amendment. At its core, it says people cannot be compelled to testify against themselves. But that is the real-world view. When it comes to the virtual world, things change—at least insofar as the government is concerned. The government claims that Rawls isn’t being ordered to testify against himself and that he isn’t even being ordered to produce his passwords.

I agree with the Electronic Frontier Foundation’s amicus brief in this case that divulging the encryption keys would be inherently testimonial and Rawls has a 5th Amendment right to not provide them.

But unlike entering in a numeric combination or handing over a key, both of which merely provide access to preexisting documents, decryption transforms preexisting, scrambled data. Here, the government is not seeking the surrender of inaccessible documents, as in the case of a safe or lockbox. The government possesses the drives and can read the information contained on them. But the government seeks a transformation and explanation of that data. As described above, the government in essence possesses the pieces of an extremely complex jigsaw puzzle, but one it has been unable to complete. For this, the government wants Mr. Doe to use his unique knowledge to assemble the puzzle and to aid in his prosecution.
Moreover, translating unintelligible data via decryption communicates the content and characteristics of each and every file within the encrypted space. See Hubbell, 530 U.S. at 43. Indeed, it communicates whether any files exist at all. See id. at 43 (“[W]e have no doubt that the constitutional privilege against self incrimination protects . . . from being compelled to answer questions designed to
elicit information about the existence of sources of potentially incriminating evidence.”).

Thus, compelled decryption using a password requires using the contents of the suspect’s mind to explain data to the government. That is inherently testimonial and therefore is always protected by the privilege.