Fifth Amendment Protects PGP Passphrase
At his CNET blog The Iconoclast, Declan McCullagh reports on a Vermont federal magistrate's ruling preventing prosecutors from forcing a defendant in a child porn case to divulge his PGP encryption passphrase.
U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.
At The Volokh Conspiracy (which has the text of the ruling), Orin Kerr says the the decision was wrong, at least given the facts of the case. For Kerr, the nub was that the defendant voluntary showed border agents the location of the pornography on his computer when they first questioned him. It was only later, when a forensic analyst went to look at the hard drive, that he was blocked by the drive's encryption. The judge rejected the argument that the Fifth Amendment did not apply because the testimonial fact of the encryption key was a "foregone conclusion" and not protected. But Kerr believes it was a foregone conclusion: "The subpoena is simply trying to get Boucher to take the officers back to where he had already taken them before: through the passphrase so they can access the files."
In a comment on the case at EDD Update, Craig Ball also has doubts the decision will stand. He also sees an important lesson here for computer forensic examiners to heed before they shut down a live system: "Look for evidence of encryption before you pull the plug. If you find it, don't shut down, keep the screensaver from activating and get power to the machine pronto!"
Posted by Robert J. Ambrogi on December 17, 2007 at 02:08 PM | Permalink
| Comments (0)