Judge orders defendant to decrypt PGP-protected laptop

Steven M. Bellovin smb at cs.columbia.edu
Tue Mar 3 13:00:05 EST 2009 

On Tue, 03 Mar 2009 12:26:32 -0500
"Perry E. Metzger" <perry at piermont.com> wrote:

> 
> Quoting:
> 
>    A federal judge has ordered a criminal defendant to decrypt his
>    hard drive by typing in his PGP passphrase so prosecutors can view
>    the unencrypted files, a ruling that raises serious concerns about
>    self-incrimination in an electronic age.
> 
> http://news.cnet.com/8301-13578_3-10172866-38.html
> 
I would not read too much into this ruling -- I think that this is a
special situation, and does not address the more important general
issue.  To me, this part is crucial:

	Judge Sessions reached his conclusion by citing a Second
	Circuit case, U.S. v. Fox, that said the act of producing
	documents in response to a subpoena may communicate
	incriminating facts in two ways: first, if the government
	doesn't know where the incriminating files are, or second, if
	turning them over would "implicitly authenticate" them.

	Because the Justice Department believes it can link Boucher
	with the files through another method, it's agreed not to
	formally use the fact of his typing in the passphrase against
	him. (The other method appears to be having the ICE agent
	testify that certain images were on the laptop when viewed at
	the border.)

	Sessions wrote: "Boucher's act of producing an unencrypted
	version of the Z drive likewise is not necessary to
	authenticate it. He has already admitted to possession of the
	computer, and provided the government with access to the Z
	drive. The government has submitted that it can link Boucher
	with the files on his computer without making use of his
	production of an unencrypted version of the Z drive, and that
	it will not use his act of production as evidence of
	authentication." 

In other cases, where alternative evidence is not available to the
government, and where government agents have not already had a look at
the contents, the facts (and hence perhaps the ruling) would be
different.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list