on self-incrimination and encryption

I probably use the wrong terminology in some places because IANAL. If you’re an attorney and you’re offended by my ignorance, I wouldn’t mind if you were to offer some corrections. I didn’t go to law school, but it’s like Judge Smails says: Well, the world needs ditch diggers, too!


The following is written in response to some articles and commentary on MacInTouch, regarding Declan McCullagh’s article on CNET about Judge Blackburn’s decision ordering Ramona Fricosu to decrypt her laptop.

In the case of a defendant with encrypted data or encrypted disk in a computer, a common criticism is that the prosecution seeks to dig through the contents in order to build a case against the suspect or defendant. This is presented as a fishing expedition or an otherwise unlawful form of discovery or a violation of the defendant’s Fifth Amendment rights protecting them from incriminating themselves.

My initial reaction was very similar to this when reading the sensational headlines. After spending some time reading about the case particulars and what the actual opinion and orders were, I came away from it with a different opinion entirely.


When there is a search conducted at the home or office of a suspect in a criminal investigation, and the warrant includes items like files, documents, or financial instruments, and in the course of the execution of that search a safe is discovered, the police will probably want to examine the contents of the safe. Refusing to comply will lead to one of two things:

  • They will open it using brute force or some other means
  • They will compel the owner to open it

…and then they will use the contents against their suspect or defendant as evidence. Before getting into the specifics of what opening that safe involves, I believe that not opening the safe is at least contempt and possibly obstruction of justice.

In Ramona Fricosu’s case, the warrant was authorized and executed, and the locked safe was her Toshiba laptop and whole-disk encryption from PGP.

What I find interesting is that ultimately, it’s all in what you ask for.

Courts have ruled previously that it is a violation of your Fifth Amendment protection against self-incrimination to be ordered to provide the Court with a password. This is one of the relevant decisions in United States versus Kirschner; the Majority and Dissenting justices specifically use different analogies of handing over a key versus disclosing a combination. Even more interesting to me was that even if the defendant is granted immunity in the course of complying with such an order, they are still able to exercise their Fifth Amendment protections.

Unfortunately for Ramona Fricosu’s defense team, the Judge is not ordering Ms. Fricosu to provide the court with the password, thereby testifying against herself. They’re ordering her to supply the data, perhaps even by being present for a forensic examination and capture of the disk; the particulars in the order weren’t referenced in Declan’s article. From my perspective though, the fact that someone opted to encrypt the data doesn’t mean they are immune from lawful search warrants. There are already legal remedies to challenge the validity of an order or to exclude something from evidence based on how it was acquired, and I find myself agreeing with Judge Blackburn that public interests will be harmed otherwise.

As for possible next steps for Ramona Fricosu, in the case of mortgage fraud the going sentence for stealing $500m-$3b seems to be as low as 40 months, in the case of Paul R. Allen. Obstruction has a maximum sentence of 20 years according to Wikipedia (again, I’m not an attorney and my legal knowledge comes from watching Law & Order, Monk, and Google searches). With that in mind, were I on the receiving end of that order, I would start working on my plea with counsel with the hope that my newfound love of cooperation may be worth something to the People. Defendants routinely leverage evidence and cooperation as a means of negotiating a lower sentence, or immunity from other actions that may be illegal or discovered as a result.

The only real issue I have with all of this is that it has the potential to put the burden on the suspect/defendant to prove their innocence in one important scenario: the forgotten or otherwise unavailable credentials to unlock or decrypt the data that has been subpoenaed.

As far as I know, TrueCrypt is the only free encryption mechanism that offers the user plausible deniability and also works with Mac OS X, Windows, and just about every other operating system. TrueCrypt allows the user to opt to deploy hidden volumes which can be wrapped inside of another encrypted volume, allowing the user to leverage different passwords or a different set of credentials to gain access to different virtual filesystems. The purpose for doing so is mainly that under duress (gun to your head, extortion) you can disclose the contents of the encrypted device by providing access to a false volume or honeypot, while still protecting secret data.

TrueCrypt’s hidden volume is specifically designed to evade detection by hiding in the so-called outer volume, and the outer volumes are always full of random data in the unused space. Even when you have mounted the outer volume under duress, since the free space on a TrueCrypt volume is always random bits, you would be unable to prove there is another partition there.
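To make the "random bits" point concrete, here is an added illustration (not from the original post, and not TrueCrypt's code) of why a byte-frequency test cannot tell random free space from encrypted data, even though it easily spots an ordinary file. The cipher is a simple SHA-256 counter keystream used as a stand-in, and every input is constructed for the example.

```python
import hashlib
import math
import os
from collections import Counter

SIZE = 64 * 1024  # bytes per sampled region (constructed sample size)

def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not TrueCrypt's)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def shannon_entropy(region: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum for byte data."""
    counts = Counter(region)
    total = len(region)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def looks_random(region: bytes, threshold: float = 7.9) -> bool:
    """All a byte-frequency test can say: 'structured' or 'looks random'."""
    return shannon_entropy(region) >= threshold

def sample_regions() -> dict:
    # Constructed inputs: a fake document, random "free space", and the same
    # document encrypted as a stand-in for a hidden volume's contents.
    document = (b"Constructed ledger entry: account 0001, amount 100.00\n" * 2000)[:SIZE]
    return {
        "plaintext file": document,
        "random free space": os.urandom(SIZE),
        "hidden-volume ciphertext": keystream_encrypt(b"constructed key", document),
    }

def verdicts() -> dict:
    """Map each region name to the test's verdict."""
    return {name: looks_random(data) for name, data in sample_regions().items()}

if __name__ == "__main__":
    for name, data in sample_regions().items():
        print(f"{name:26} entropy={shannon_entropy(data):.4f} "
              f"looks_random={looks_random(data)}")
```

The random fill and the ciphertext both land at roughly 8 bits per byte, so the test gives them the same verdict; only the unencrypted file stands out.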

There are usually other indications or a means to determine that this is the case (probably out of scope here). In my opinion, “good old-fashioned detective work” and a proper investigation is the better approach in those circumstances.

Encryption options such as PGP Whole Disk Encryption and FileVault do not offer a user plausible deniability, so people know that there is encrypted data present and sometimes there are indicators that point to the presence of evidence. Encrypted HFS+ disk images are obviously encrypted disk images. PGP virtual disk devices are also obviously encrypted disk images.

It would take a lot to convince me to decrypt my MacBook Air’s FileVault for a TSA agent or Homeland Security border checks. I’d rather have them just keep the laptop on principle and sue them and buy a new one. Should I get served with a search warrant, I don’t have any reason to believe I’m within my rights to refuse to comply without there being consequences.

Laws are always enforced by force, or the threat of force. It’s been like this in the United States for about a couple hundred years now though, so it shouldn’t be a shocking revelation to anyone. I think the other issues such as mental defect or inability to comply with the order will need cases that raise those issues in order to reach some further clarity. I have every reason to believe there will be plenty of opportunities in the future for this to occur.

I know my thoughts on this issue are probably not going to convince someone wrong on the internet that is certain this has something to do with living under a Nazi Regime, lizard people, or Obamacare, but at least I got to spend some time exploring the cases myself and learned a little more about:

  • the United States Constitution
  • the All Writs Act of 1789
  • United States v. Hubbell, 120 S.Ct. 2037 (2000)
  • Fisher v. United States, 425 U.S. 391, 408 (1976)
  • United States v. Doe, 487 U.S. 201, 212 (1987)

I also finally stopped smirking every time I read the word “briefs”.

tl;dr

Based on everything I read tonight, it is my opinion that being ordered to provide a password or something in your brain is a violation of your Fifth Amendment right to not incriminate yourself, but being ordered to turn over materials that have been lawfully subpoenaed is not.

Bonus Wit

On a lighter note, this is the first I’ve heard of a user of PGP Whole Disk Encryption that doesn’t involve catastrophic data loss. If I were the Defendant’s counsel, there are plenty of anecdotes on the Symantec support site detailing the numerous ways that this product crushes users with everything from performance problems to corruption of data. Maybe their Windows products aren’t terrible, but there are few purchases that offer Mac users more heartache and rage than PGP.


x-version: 1.0.201201252158

Published: January 25 2012