Judge orders defendant to decrypt PGP-protected laptop
Steven M. Bellovin
smb at cs.columbia.edu
Tue Mar 3 13:00:05 EST 2009
On Tue, 03 Mar 2009 12:26:32 -0500
"Perry E. Metzger" <perry at piermont.com> wrote:
>
> Quoting:
>
> A federal judge has ordered a criminal defendant to decrypt his
> hard drive by typing in his PGP passphrase so prosecutors can view
> the unencrypted files, a ruling that raises serious concerns about
> self-incrimination in an electronic age.
>
> http://news.cnet.com/8301-13578_3-10172866-38.html
>
I would not read too much into this ruling -- I think that this is a
special situation, and does not address the more important general
issue. To me, this part is crucial:
Judge Sessions reached his conclusion by citing a Second
Circuit case, U.S. v. Fox, that said the act of producing
documents in response to a subpoena may communicate
incriminating facts in two ways: first, if the government
doesn't know where the incriminating files are, or second, if
turning them over would "implicitly authenticate" them.
Because the Justice Department believes it can link Boucher
with the files through another method, it's agreed not to
formally use the fact of his typing in the passphrase against
him. (The other method appears to be having the ICE agent
testify that certain images were on the laptop when viewed at
the border.)
Sessions wrote: "Boucher's act of producing an unencrypted
version of the Z drive likewise is not necessary to
authenticate it. He has already admitted to possession of the
computer, and provided the government with access to the Z
drive. The government has submitted that it can link Boucher
with the files on his computer without making use of his
production of an unencrypted version of the Z drive, and that
it will not use his act of production as evidence of
authentication."
In other cases, where alternative evidence is not available to the
government, and where government agents have not already had a look at
the contents, the facts (and hence perhaps the ruling) would be
different.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list