Wednesday, April 28, 2010

Passwords and the 5th Amendment Privilege

In two earlier posts I analyzed Sebastien Boucher’s efforts to rely on the 5th Amendment privilege against self-incrimination as his justification for refusing to give law enforcement officers the key used to encrypt part of the files on his laptop. Until now, those are the only reported case I could find that dealt with the 5th Amendment privilege’s applicability to encryption keys and passwords.


The U.S. District Court for the Eastern District of Michigan recently addressed this issue in U.S. v. Kirschner, 2010 WL 1257355 (2010). Here, according to the district court judge, is how the issue arose:

On December 10, 2009, the Federal Grand Jury issued an indictment charging Defendant Thomas Joseph Kirschner with three felony counts:

Count One: 18 U.S. Code § 2252A(a)(2)(A)-Receipt of Child Pornography on or about May 9, 2009, `including by computer.’

Count Two: 18 U.S.C. § 2252A(a)(2)(A)-Receipt of Child Pornography on or about June, 2009, `including by computer.’

Count Three: 18 U.S.C. § 2252A(a)(2)(A)-Receipt of Child Pornography on or about August 2009, `including by computer.’

On November 20, 2009, an Assistant U.S. Attorney (`AUSA’) issued a `subpoena to Defendant Kirschner to testify before a Grand Jury’ on December 8, 2009. The subpoena required Defendant `to provide all passwords used or associated with the . . . computer . . . and any files.’

On December 7, 2009, Defendant Kirschner filed a Motion to Quash Grand Jury Subpoena asserting Defendant's Fifth Amendment privilege against self-incrimination.

On December 22, 2009, the Government filed a Response, which stated in the accompanying brief:

In order to examine the contents of the encryption file, the government issued a grand jury subpoena ordering Defendant to provide all passwords associated with its computer.

On February 11, 2010, Defendant filed a Reply.

U.S. v. Kirschner, supra. Rule 17 of the Federal Rules of Criminal Procedure governs the use of subpoenas in federal criminal practice. Rule 17(c)(2) states that “[o]n motion made promptly, the court may quash . . . the subpoena if compliance would be unreasonable or oppressive.” As Black’s Law Dictionary (8th ed. 2004) explains, a motion to quash a subpoena asks the court to “nullify” it, i.e., declare the subpoena null and void and therefore unenforceable. So Kirschner was asking the court to quash the subpoena because he claimed that forcing him to comply with it would violate his 5th Amendment privilege against self-incrimination. If forcing him to comply would violate his 5th Amendment privilege, then that justifies quashing the subpoena as oppressive. In re August 1993 Grand Jury, 854 F.Supp. 1392 (U.S. District Court for the Southern District of Indiana 1993).


Before addressing the 5th Amendment issue, the federal judge addressed another issue, one he raised on his own: whether the subpoena was “being utilized post-indictment to investigate additional charges.” U.S. v. Kirschner, supra. As the judge noted, a

`grand jury is given its broad investigative powers to determine whether a crime has been committed and an indictment should issue, not to gather evidence for use in cases in which indictments have already issued. Accordingly, both state and federal courts hold that it is an abuse of the grand jury process to use grand jury subpoenas `for the sole or dominating purpose of preparing an already pending indictment for trial.’

U.S. v. Kirschner, supra (emphasis added & quoting LaFave, Israel, King and Kerr, Handbook on Criminal Procedure (2d ed. 2007)). When the judge raised this issue at the hearing he held on Kirschner’s motion to quash the subpoena, that prompted this exchange with the Assistant U.S. Attorney (AUSA) handling the case:

The government concedes that the instant grand jury subpoena was issued to secure evidence of child pornography allegedly contained in Defendant Kirschner's computer, which spawned the three counts contained in the indictment:

AUSA: [I]t's our position that the grand jury is still investigating the contents of the encryption file.

COURT: It's the same computer.

AUSA: It is the same computer.


(Hr'g Tr., Feb. 16, 2010, p. 10.)

U.S. v. Kirschner, supra. The judge ultimately held that since the AUSA said he would “use the indicted defendant’s testimony solely to pursue a different, separate offense”, the government was not prevented from using a grand jury subpoena for this narrow purpose, but that he might have to revisit the issue later. U.S. v. Kirschner, supra.

In the instant case, the post-indictment grand jury questioning will relate to the same computer that provided the evidence for the existing charges, and likely the same type of criminal behavior. Does this evidence relate to a wholly different and separable offense? Stay tuned.

U.S. v. Kirschner, supra. The judge then took up the 5th Amendment privilege issue:

Insofar as the subpoena is valid, can the Defendant refuse to testify based on his Fifth Amendment privilege against self-incrimination? Defendant contends that requiring him to testify before the grand jury pursuant to the subpoena issued by the government would violate his Fifth Amendment right against self-incrimination under the United States Constitution. The subpoena calls for the Defendant to testify to the password he utilizes for his computer. Defendant declines to testify invoking his Fifth Amendment privilege against self-incrimination.

U.S. v. Kirschner, supra. Here, as in the Boucher case, the issue was whether requiring Kirschner “to provide the password is a testimonial communication.” U.S. v. Kirschner, supra. As I explained in my posts on the Boucher case, to claim the 5th Amendment privilege, you have to show that the government (i) is compelling you (ii) to give testimony that (iii) incriminates you, i.e., implicates you in the commission of a crime. The grand jury subpoena constitutes compulsion because Kirschner either has to (i) comply with it, (ii) refuse to comply with no justification and be locked up until he agrees to provide the password or (iii) successfully refuse to comply on the grounds that doing so would violate his 5th Amendment privilege. If he can show that giving up the password requires him to “testify” in a fashion that incriminates him, he can claim the privilege and have the subpoena quashed, or declared null and void.


The Supreme Court has held, basically, that you’re giving testimony – testifying – when you’re communicating, i.e., when you’re revealing your knowledge of certain facts or sharing your thoughts or opinions with the government. U.S. v. Kirschner, supra. You can’t claim the 5th Amendment privilege to refuse to surrender physical evidence such as your blood, hair or saliva; it only applies to communications, i.e., to something that look like what a witness does when she takes the stand at trial.


In addressing this issue, the Kirschner judge noted that in U.S. v. Doe, 487 U.S. 201 (1987), the Supreme Court said compelling someone “`to reveal the combination to [their] wall safe’” constitutes testimony within the scope of the 4th Amendment privilege. In this case, the AUSA “described the requested testimony [from Kirschner] in these terms: `It's like giving the combination to a safe.’” U.S. v. Kirschner, supra. That wasn’t a good way to describe it, because the judge then noted that the “Supreme Court has held that this type of procured testimony is protected by the . . . Fifth Amendment privilege.” U.S. v. Kirschner, supra. The judge also explained that “the government is not seeking documents or objects -- it is seeking testimony from the Defendant, requiring him to divulge through his mental processes his password-that will be used to incriminate him.” U.S. v. Kirschner, supra. He therefore granted Kirschner’s motion to quash the grand jury subpoena, which meant it became null and void and therefore unenforceable. U.S. v. Kirschner, supra.


As I explained in my posts on the Boucher case, that left the government with three options:


(1) Appeal this judge’s decision to the U.S. Court of Appeals for the Sixth Circuit.

(2) Give up on trying to use Kirschner’s computer as the source of evidence on which to base additional charges.

(3) Give Kirschner immunity for disclosing his computer passwords to the grand jury.


The government may go with (2), but I suspect they’re more likely to try (1). They could give Kirschner immunity for the act of disclosing the passwords, but if the government does that it can’t use the passwords themselves or any evidence derived from to charge and prosecute Kirschner for additional crimes. Section 6002 of Title 18 of the U.S. Code, which you can find here, allows the government to give someone immunity, which then strips them of the ability to claim the 5th Amendment privilege and refuse to testify. As I noted in my Boucher posts, the premise is that if the government promises it won’t use what you say to prosecute you, then your testimony doesn’t “incriminate” you and you don’t need the 5th Amendment privilege to protect you.


As I also noted in the Boucher posts, the problem the government faces in a case like this is that if it gives the suspect immunity to get the encryption key or passwords, it can’t use the key or the passwords or any evidence derived from them, i.e., any evidence they find when they access the encrypted or password-protected computer or computer media, against that person. So if the government doesn’t appeal this court’s ruling or if the U.S. Court of Appeals for the 6th Circuit affirms that ruling, it means Kirschner doesn’t have to worry about the government using evidence that’s in his computer to prosecute him for new crimes . . . unless, of course, the government can somehow bypass his password protection.

12 comments:

Anonymous said...

What really gets me mad about these cases is that the stupid defendants fail to just say "I forgot what the password is." That way they testify, but the government gets nothing. What can the government then do? Not a thing.

Boucher was a moron and a coward for pleading guilty like he did. His encryption from PGP stood up to everything the government tried to throw at it. As long as you have a really good password encryption cannot be beat - not in this lifetime (and I am serious about that - it would take thousands of years for a supercomputer to try to guess all possible password combinations).

And just because you forgot something now does not mean that you can't remember it later.

NEVER EVER GIVE THE GOVERNMENT THE PASSWORDS TO YOUR ENCRYPTION AND ALWAYS USE WHOLE DISK ENCRYPTION.

Joshua Tolley said...

This got me thinking. Computer security people generally consider passwords an inadequate security measure. Passwords are just too easy to guess, lose, etc. Hence the rise of such things as smart cards or other security devices, which effectively act as storage for very long, complex numbers. The thing is, a smart card is a physical device, and per this article I couldn't refuse to surrender a smart card on 5th amendment grounds. I could have a PIN or password on my smart card, and refuse to disclose that, but that means that my security once again rests solely on a password which, as I mentioned, is often considered inadequate.

Susan Brenner said...

Joshua, you make a very good point.

Under current law, you MIGHT be able to take the 5th Amendment privilege and refuse to give up your smart card. As I explained in detail in the first post on the Boucher case (there's a link to it in the recent 5th amendment and passwords post), you can take the 5th and refuse to hand something over if doing so is testimonial: if it tells the government something it doesn't already know that can incriminate you.

People have used that principle to claim the 5th and thereby avoid having to hand over things like guns and videos . . . so if you can meet the required elements, you can take the 5th. Problem, IMHO, is that I don't think many people know that might be able to do this . . . and so maybe just hand things over.

Joshua Tolley said...

Since I hadn't done my homework and read the two Boucher links when I made my first comment, I think I didn't put your comments in this post in proper perspective. You wrote, "You can’t claim the 5th Amendment privilege to refuse to surrender physical evidence such as your blood, hair or saliva," which I interpreted to mean that in no case was the surrender of a physical object considered "testimony". Your earlier posts clarified that surrender of a physical object such as blood or saliva wasn't testimony because everyone already knows the blood and saliva are yours. In contrast, surrendering some other physical object, such as a smart card in this scenario, reveals something to the prosecution, namely that you have control over the encrypted material. You would therefore, by that surrender, testify to something, so the 5th amendment applies.

Hey, this is fun :)

Anonymous said...

Something not touched on here is that modern passwords can of themselves have specific meaning, which could directly incriminate the defendant. For example, the password "I am a criminal, guilty of the crimes I am accused of - specifically xxx and yyy" is a perfectly valid password for most good encryption programs. If the giving up of the password is to be considered testimony, I would consider that password to be somewhat incriminating by itself.

Also, this case doesn't look at the idea that knowledge of a sufficiently unique password could be incriminating if that password is already (or becomes) known to be associated with another crime. e.g. You know the password "Twelve kangaroos ate my first edition copy of Jungle Book on Tuesday" which it turns out was also the password used to encrypt files shown to be part of a credit card theft ring.

Susan Brenner said...

Joshua,

I'm glad you think it's fun . . . I do, too (most of the time). . .

Susan Brenner said...

Anonymous,

As to the first point, it's a good argument. The problem that MIGHT arise is that the Supreme Court has held, as I may have mentioned in an earlier post, that once you write something down, you've voluntarily given the "testimony" contained in that writing . . . which means you weren't compelled to give it, which means you may not be able to take the 5th Amendment. (If you voluntarily tell somebody something, you weren't compelled to testify and so the cat's out of the bar as far as that statement is concerned.)

Now, the defense could argue that in this instance the password (the content of which is unknown) is analogous to a diary which Doe keeps and has never shown anyone. The government knows Doe HAS a diary and has kept it for years. We so far don't have a case in which this scenario has arisen, the defense argument here being that the government knows there IS a diary (or a password) but doesn't know the content. My argument there is that both represent testimony which has not yet been given, i.e., hasn't been shared with another person. I've been waiting for years for the diary case to come up, but not yet . . . maybe the issue will come up in a password case.

As to the second issue -- knowing a password that's known to be associated with a crime that's been committed and discovered -- I think a person could clearly take the 5th in this instance. The tricky part would be explaining to the Court why "testifying" about the password would incriminate you without doing just that.

Anonymous said...

It isn't like any kind of object, because the police could presumably find any object the defendant owned, be the object a smart card or a diary. They cannot find the contents of his mind without using extreme methods the Fifth Amendment is meant to protect people from.

Passwords are exactly the kind of the thing the 5th amendment is mean to protect. The purpose of the 5th amendment is to prevent the government from forcing a confession out of suspects, using cruel or unusual methods. A person may or may not have incriminating evidence protected by the password, or they may just have potentially embarrassing, sensitive financial data, or even information about political protests, or a political campaign, they don't want to share with the government on the encrypted volume. If the information on the volume is important enough the person who has the password that they refuse to give it to the government, what's the government going to do about it? Water board the person until they reveal the password? Imprison them without cause until they reveal the password? Such methods for getting evidence are exactly what the 5th amendment is really meant to prevent.

Anonymous said...

I am an attorney who handles complex federal criminal matters. Please note that under a long line of federal precedent, you do not have to provide documents and/or any other information/evidence which can by IT'S PRODUCTION be incriminatory--unless the prosecution agency provides what is called "act of production" immunity so that the act of producing cannot be used against you.

Your production is proof you possessed something and also it establishes a link in the chain of evidence and 'authenticates" the items.

The Supreme Court has interpreted the Fifth Amendment privilege against self-incrimination to include the act of producing business records of a sole proprietorship. United States v. Doe, 465 U.S. 605 (1984). The act of producing records concedes the existence and possession of the records called for by the subpoena as well as the respondent's belief that such records are those described in the subpoena.

Great post and thread

Mark Reichel Sacramento

Susan Brenner said...

Thanks for the comments, Mark, and I'm glad you like the post and comments.

Anonymous said...

What would be really funny would be if he gave them his password, and all that he had encrypted was a picture showing where he grows a single pot plant for personal use. It would be incriminating, albeit only for a traffic ticket-level offense. Then all the government's efforts would be an enormous waste of time and money. :-)

Seriously though, as the first poster pointed out, why can't he just say he doesn't remember the password? There's nothing they can do to disprove it or even give any evidence to support a theory that he's lying. Or give them the WRONG password and say they must have screwed something up during the seizure. Assuming he's using some program that adds a long secondary value (stored on disk in plaintext) to the password before hashing it into the actual decryption key, even one bit being off will make the data totally inaccessible. I suppose they could randomly flip bits in that value to a certain degree, but it would be impossible to prove the problem was with the password he gave them.

Of course, he's lying under oath to do that, which is wrong; but given the alternatives... Even if they can somehow concoct an obstruction of justice charge out of all that, claiming he destroyed evidence or some such nonsense, the maximum penalty for that has to be a lot less than the maximum, and probably even the minimum, penalty for trafficking child porn. Go to trial on the obstruction charge and he might even beat it.

It won't help this guy, but wouldn't the simple solution of course for anyone else concerned about the government forcing them to reveal passwords be to use hidden volume encryption like what TrueCrypt has? Then if the government demands a password, it can first be fought on Fifth Amendment grounds; and if that doesn't pan out, giving up a password gives them nothing. Hidden volumes are impossible to distinguish from cryptographically-secure random data (which is what volumes are filled with during creation) without the password, and there's no indication that they exist unless you know the password. Give up the password to the outer volume--revealing some sensitive, but legal, files--and the files you REALLY want to keep protected stay that way in the hidden volume. And there's nothing more that can be done.

This whole thing is stupid. The guy's smart enough to use encryption but not smart enough to realize there's NOTHING they can do if he doesn't give them the password. Claim a trojan downloaded the porn, sit in jail for a few months and be happy he's not doing 20 years.

The government, on the other hand, should introduce a new policy: If a prosecutor finds that a suspect's data is encrypted using good encryption, find someone else to prosecute (or find something else to prosecute for). They'd have a lot more success with that than they will trying to break encryption either technologically OR legally.

Anonymous said...

What would be really funny would be if he gave them his password, and all that he had encrypted was a picture showing where he grows a single pot plant for personal use. It would be incriminating, albeit only for a traffic ticket-level offense. Then all the government's efforts would be an enormous waste of time and money. :-)

Seriously though, as the first poster pointed out, why can't he just say he doesn't remember the password? There's nothing they can do to disprove it or even give any evidence to support a theory that he's lying. Or give them the WRONG password and say they must have screwed something up during the seizure. Assuming he's using some program that adds a long secondary value (stored on disk in plaintext) to the password before hashing it into the actual decryption key, even one bit being off will make the data totally inaccessible. I suppose they could randomly flip bits in that value to a certain degree, but it would be impossible to prove that the problem is with the password he gave them.

Even if they could somehow concoct an obstruction of justice charge claiming he destroyed evidence, the maximum penalty for that has got to be a lot less than the maximum penalty for trafficking child porn. Go to trial on the obstruction charge and he might even beat it.

The simple solution of course for anyone concerned about the government forcing people to reveal passwords is to use hidden volume encryption like what TrueCrypt has. Then if the government demands a password, it can first be fought on Fifth Amendment (and other) grounds; and if that doesn't pan out, giving up a password gives them nothing. TC's hidden volumes are impossible to distinguish from cryptographically-secure random data (which is what all volumes are filled with during creation) without the password and there's no indication that they exist unless you know the password. Give up the password to the outer volume--revealing some sensitive, but legal, files--and the files you REALLY want to keep protected stay that way in the hidden volume.

This whole thing is stupid. The guy's smart enough to use encryption but not smart enough to realize there's NOTHING they can do if he doesn't give them the password. Sit in jail for a few months and be happy he's not doing 20 years. The government, on the other hand, should introduce a new policy: If a prosecutor finds that a suspect's data is encrypted using good encryption, find someone else to prosecute (or find something else to prosecute for). They'd have a lot more success with that than they will trying to break encryption either technologically OR legally.