Pennsylvania Supreme Court Rules Suspect Can’t Be Forced to Divulge Password

In a 4-3 decision, the Pennsylvania Supreme Court ruled on Nov. 20, 2019 that a suspect could not be compelled to reveal his password to police.

A supervisory agent in computer forensics, Special Agent Braden Cook, testified that a portion of Appellant’s HP 700 Envy computer’s hard drive was encrypted with a program called TrueCrypt Version 7.1. Id. at 42. The entire hard drive of the computer was encrypted and “there was no data that could be read without opening the TrueCrypt volume.” Id. at 46. Agent Cook could only confirm that there was “Windows on the computer and the TrueCrypt,” and he had no knowledge of any specific files other than the operating system files. Id. at 50-51

. . .

A supervisory agent in computer forensics, Special Agent Braden Cook, testified that a portion of Appellant’s HP 700 Envy computer’s hard drive was encrypted with a program called TrueCrypt Version 7.1. Id. at 42. The entire hard drive of the computer was encrypted and “there was no data that could be read without opening the TrueCrypt volume.” Id. at 46. Agent Cook could only confirm that there was “Windows on the computer and the TrueCrypt,” and he had no knowledge of any specific files other than the operating system files. Id. at 50-51

. . .

Based upon these cases rendered by the United States Supreme Court regarding the scope of the Fifth Amendment, we conclude that compelling the disclosure of a password to a computer, that is, the act of production, is testimonial. Distilled to its essence, the revealing of a computer password is a verbal communication, not merely a physical act that would be nontestimonial in nature. There is no physical manifestation of a password, unlike a handwriting sample, blood draw, or a voice exemplar. As a passcode is necessarily memorized, one cannot reveal a passcode without revealing the contents of one’s mind. Indeed, a password to a computer is, by its nature, intentionally personalized and so unique as to accomplish its intended purpose ? keeping information contained therein confidential and insulated from discovery. Here, under United States Supreme Court precedent, we find that the Commonwealth is seeking the electronic equivalent to a combination to a wall safe — the passcode to unlock Appellant’s computer. The Commonwealth is seeking the password, not as an end, but as a pathway to the files being withheld. As such, the compelled production of the computer’s password demands the recall of the contents of Appellant’s mind, and the act of production carries with it the implied factual assertions that will be used to incriminate him. Thus, we hold that compelling Appellant to reveal a password to a computer is testimonial in nature.

. . .

We appreciate the significant and ever-increasing difficulties faced by law enforcement in light of rapidly changing technology, including encryption, to obtain evidence. However, unlike the documentary requests under the foregone conclusion rationale, or demands for physical evidence such as blood, or handwriting or voice exemplars, information in one’s mind to “unlock the safe” to potentially incriminating information does not easily fall within this exception.

Indeed, we conclude the compulsion of a password to a computer cannot fit within this exception. Thus, we hold that the compelled recollection of Appellant’s password is testimonial in nature, and, consequently, privileged under the Fifth Amendment to the United States Constitution. Furthermore, until the United States Supreme Court holds otherwise, we construe the foregone conclusion rationale to be one of limited application, and, consistent with its teachings in other decisions, believe the exception to be inapplicable to compel the disclosure of a defendant’s password to assist the Commonwealth in gaining access to a computer.

EFF’s About Face Campaign

The Electronic Frontier Foundation has launched its About Face campaign, intended to highlight the use of facial recognition by law enforcement and other government agencies.

Government use of face surveillance technology chills free speech, threatens residents’ privacy, and amplifies historical bias in our criminal system. From San Francisco, California to Somerville, Massachusetts communities are coming together to say “no” to this especially pernicious form of surveillance.

Join us in ending government use of face surveillance in our communities. Working with our partners in the Electronic Frontier Alliance, and other local grassroots organizations, each time a multiple of one-hundred supporters in your area sign-on, we’ll deliver the word to your local lawmakers. It’s time to correct the course and end government use of face surveillance.

The EFF has model legislation posted on its site to ban the use of facial recognition by police.

Microsoft Announces Plans to Add DNS Over HTTPS to Windows

Nice to see Microsoft join the DNS Over HTTPS crowd.

Here in Windows Core Networking, we’re interested in keeping your traffic as private as possible, as well as fast and reliable. While there are many ways we can and do approach user privacy on the wire, today we’d like to talk about encrypted DNS. Why? Basically, because supporting encrypted DNS queries in Windows will close one of the last remaining plain-text domain name transmissions in common web traffic.

Providing encrypted DNS support without breaking existing Windows device admin configuration won’t be easy. However, at Microsoft we believe that “we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology.”

We also believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier. There is an assumption by many that DNS encryption requires DNS centralization. This is only true if encrypted DNS adoption isn’t universal. To keep the DNS decentralized, it will be important for client operating systems (such as Windows) and Internet service providers alike to widely adopt encrypted DNS.

Strong Demand for Hard Drives in Q3 2019

Anandtech reports that demand for hard drive storage continues to be strong, with Seagate, Toshiba and Western Digital shipping 240 exabytes worth of hard drives in the third quarter of 2019.

Market observers are attributing the significant rise in shipping HDD capacity to increasing shipments of enterprise-class nearline 14 TB, 15 TB, and 16 TB hard drives, which by now have been qualified by a substantial number of companies. For example, the average capacity of Seagate’s enterprise HDD (mission critical + nearline drives) was 6.3 TB in Q3 2019, up from 5.2 TB in the same period last year. By contrast, the average capacity of Seagate’s client hard drives was at 1.2 TB (unchanged from Q3 2018), as the bulk of such drives are intended for notebooks and their capacities range from 500 GB to 1 TB. In terms of units shipped, client and consumer electronics HDDs by far outsell enterprise and nearline drives, so, the average capacity of a Seagate HDD is 2.9 TB, up from 2.5 TB a year ago.