undefined

Child porn suspect doesn't have to decrypt hard drive, judge rules

Shares

A federal judge citing Fifth Amendment guarantees against self-incrimination has ruled that a Wisconsin computer expert suspected of storing child porn files on one or more of his encrypted hard drives can not be compelled to decrypt them.

This ruling doesn’t mean that compelled decryption can never again be used under American law; it simply agrees with earlier precedents establishing that compelled decryption is legal only when investigators already know what the encrypted files contain. But if they don’t, they can’t force a suspect to decrypt them so they can go fishing for evidence.

Judge William Callahan of Wisconsin’s Eastern District, in his nine-page .pdf  “Order denying application to compel decryption,” starts by noting that on April 3, 2013, the government applied for an order compelling Jeffrey Feldman to decrypt certain hard drives which FBI agents had physically seized during the execution of an earlier search warrant.

Callahan goes on to say that the “primary issue presented by the government’s application is whether compliance with such an order would involve incriminating testimony within the protection of the Fifth Amendment.”

The text of that amendment says that, among other things, “no person […] shall be compelled in any criminal case to be a witness against himself.”

The initial warrant against Feldman, on suspicion of possessing child pornography, was executed last January. Here is what happened, according to the court:

“Agents seized 16 storage devices during the search. Five devices showed no traces of electronic data, and two devices were not encrypted. The remaining nine devices contained data inaccessible due to encryption. The encryption programs on the storage devices appeared to be the sort that would lock or damage data if too many incorrect password guesses were made. FBI analysts have spent over four months attempting to access the encrypted files without success.

“On one of the unencrypted devices, a Dell computer, FBI examiners found a peer-to-peer software program called “eMule.” Within eMule, log files indicated that 1,009 files were received, distributed, or stored using eMule, with most of the files having titles mainly indicative of child pornography.”

But simply knowing a file’s name doesn’t mean you know what it actually contains, especially when it comes to peer-to-peer file sharing programs. And there’s no guarantee that any file a suspect has ever shared or transferred is still being stored on his encrypted drive.

As Judge Callahan wrote: “Nothing in the record before us reveals that the Government knows whether any files exist and are located on the hard drives.”

Callahan's ruling never actually uses the phrase “fishing expedition,” but that’s partially what he rejected here.

Not everyone is pleased with the implications of Callahan’s decision. Mike Wheatley, blogging for SiliconANGLE, headlined the story “US judge rules data encryption makes perverts untouchable” and mournfully observed that “So long as criminals are smart enough to encrypt their data in a way that law enforcement cannot access it, the onus is on investigators to come up with solid evidence that their data contains incriminating evidence – mere suspicion, even if the file names indicate illegal content is stored within them, is no longer enough.”

This is true. Then again, that's also the whole point of the Bill of Rights: “mere suspicion” is not enough to let the government search your premises and invade your privacy; the government needs actual evidence of wrongdoing before it can interfere with your life. Nowhere in the text of the U.S. Constitution does it say “All rights listed herein may be suspended, if cops suspect you did something really really bad.”

Illustration by Jason Reed