The Fifth Amendment and Compelled Decryption
The first example is actually two cases that look at different sides of the same question, namely, can a party be compelled to reveal the encryption passphrase to his computer or mobile device? In re Boucher, a federal case out of the Second Circuit in Vermont, was the first case to address this question. In Boucher, the defendant’s (Boucher) laptop was inspected as he returned from a trip to Canada. The laptop was on when it was inspected, which allowed customs officials to see images of alleged child pornography on an open browser page. Boucher was arrested for the illegal trafficking of child porn and the laptop was turned off. A few days later, when police began their digital forensic investigation of the laptop, they discovered that the drive allegedly holding the illegal images was encrypted and only accessible by a passphrase. Citing the Fifth Amendment’s prohibition against self-incrimination, Boucher refused to reveal the passphrase. In ruling against Boucher, the court held that the Fifth Amendment did not apply because Boucher had already revealed the contents of the laptop to the government at the border. The information the government sought was, therefore, a foregone conclusion and Boucher’s refusal to reveal did little more than delay the inevitable.
The second case to look at the question of compelled decryption had a very different ending than Boucher. In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, was a 2012 case out of the Eleventh Circuit in Georgia. Similar to Boucher, Grand Jury involved an investigation concerning the possession of child pornography. However, rather than having actual evidence that the defendant had child porn on his laptop, the government merely suspected that he did. The laptops that were seized were encrypted, however. In an attempt to examine the contents of the laptops, the government ordered the defendant to reveal the decryption passphrases, which he refused to reveal. In finding for the defendant, the court held that the Fifth Amendment applied and that it would be a violation of the defendant’s right against self-incrimination if he was compelled to reveal the passphrases. According to the court, in this case the government could not show: (1) that the sought-after files existed; (2) if the files existed, that they were located on the defendant’s laptops; and (3) even if the files were on the laptops, the government had no proof that they were authentic. In short, it was not a “foregone conclusion” that the information sought by the government was indeed on the defendant’s laptops.
Depending on the jurisdiction (and until the Supreme Court settles the question), these two cases provide two possible outcomes for the initial steps in digital forensic investigations of computers or devices that are encrypted. As mentioned, a digital forensics investigation begins with the search for and acquisition of relevant electronic information. This step becomes immensely challenging if the digital forensic analyst is blocked by encryption from “searching or seizing” electronic information. Recently, FBI Director James Comey commented on the challenges that encryption presents to digital forensic investigations. According to Comey, the consequences of encryption to law enforcement are very serious, “like a closet that can’t be opened or a safe that can’t be cracked” (Comey, 2014). Indeed, according to a number of experts, it is extremely difficult, if not impossible, to access any useful information from a device that has been properly encrypted (Balogun & Zhu, 2013). This is even more so if the device is not acquired in a “live” state or has been turned off prior to the beginning of an investigation (Casey & Stellatos, n.d.).
Accordingly, in the Second Circuit and those jurisdictions that apply the In re Boucher standard, digital forensic investigations can avoid the challenges posed by an encrypted device through a court order compelling decryption in those cases where the government has a high degree of certainty that the information they seek is on the device. On the other hand, in the Eleventh Circuit and those jurisdictions that follow the In re Grand Jury decision, digital forensic investigations of properly encrypted devices will be severely limited unless they have probable cause and a warrant. Alternatively, these cases may be rendered moot if more companies follow the recent policy of Apple and Google to automatically encrypt their devices.
The Fourth Amendment and the Search of a Cell Phone’s Digital Data
The second example concerns a case asking whether police should be allowed to search the contents of a cell phone of a person they just arrested. For a number of years, the question was answered differently depending on which state or federal court would hear the case. Finally, in the 2014 case Riley v. California, the Supreme Court stepped in to address the question once and for all and harmonize the rulings below. In Riley, the defendant (Riley) was pulled over by police for driving with expired license tags. Upon checking his identification, police discovered that Riley was also driving with a suspended license. The car was impounded and a search of the car turned up two guns. Riley was subsequently arrested for the illegal possession of firearms. Riley was carrying a cell phone when he was arrested. Police examined the contents of the cell phone and found pictures of Riley “making gang signs.” A ballistic check of the guns tied Riley to a gang-related shooting several weeks earlier. At trial on a number of charges, including attempted murder, police used the pictures and information obtained from Riley’s phone as evidence of his gang membership. Riley asked the court to exclude the information retrieved from the phone on the grounds that it violated his Fourth Amendment rights against “unreasonable search and seizure.” The trial court denied his motion and Riley was subsequently convicted and sentenced to fifteen years to life.
In a unanimous decision finding for Riley, the Supreme Court held that “generally, police may not search the contents of a cell phone” obtained after the arrest of a defendant (Riley v. California, 2014). The Court went on to explain that a cell phone could not hide a weapon and therefore police did not need to search it immediately for their protection. Moreover, the Court refused to acknowledge concerns of the government over the preservation of evidence, such as arguments that a cell phone could be “remotely wiped” or “flash encrypted.” According to the Court, police officers concerned with preserving evidence could simply turn the phone off, take out its battery, or store it in a manner that does not allow it to send/receive radio waves (Riley v. California, 2014). In the Court’s view, the only proper way to access the digital contents of a cell phone was with a search warrant unless there was a compelling reason to access the phone immediately.
Riley has a similarly important impact on digital forensics as In re Boucher and In re Grand Jury have on encrypted devices. Riley can be distinguished in that it affects all cases across the nation that deal with the search of cell phones incident to arrest. Nowadays, with the growth of the mobile Internet and cloud storage, more and more people, including criminals, are buying and using mobile devices as their primary computer and Internet access device. Accordingly, people are storing enormous amounts of information on their mobile devices, as illustrated in Riley. Oftentimes, and unlike a laptop, people do not encrypt their phones. Prior to Riley, in a number of jurisdictions, digital forensic analysts could readily access a mobile device’s information for use against a defendant. However, after Riley, the search of the cell phone incident to arrest is prohibited without a warrant or the existence of exigent circumstances and other applicable exceptions under the Fourth Amendment. Riley limits the ways that digital forensic analysts can search for and seize relevant data.
Interestingly, Riley did not totally address the valid digital forensic concerns of encryption. While the Court did say that police can take measures to ensure that an unlocked phone stays unlocked to avoid encryption, it did not address what to do if a phone is already locked or powered off.
References
Ami-Narh, J.T., & Williams, P.A.H. (2008). Digital forensics and the legal system: A dilemma of our times. Retrieved on October 29, 2014, from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1040&context=adf
Balogun, A.M., & Zhu, S.Y. (2013). Privacy impacts of data encryption on the efficiency of digital forensic technology. Retrieved on October 30, 2014, from http://www.arxiv.org/pdf/1312.3188.pdf
Casey, E., & Stellatos, G.J. (n.d.). The impact of full disk encryption on digital forensics. Retrieved on October 30, 2014, from http://www.liacs.nl/~nikolov/StudSem1112/OS_Encryption.pdf
Comey, J.B. (2014, Oct. 16). Going dark: Are technology, privacy, and public safety on a collision course. Retrieved on October 30, 2014, from http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course
In re Boucher, 2009 WL 424718. Retrieved on October 30, 2014, from http://www.volokh.com/files/BoucherDCT.1.pdf
In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011. Retrieved on October 30, 2014, from http://www.uscourts.gov/uscourts/courts/ca11/201112268.pdf
Riley v. California, 573 U.S. __ (2014). Retrieved on October 30, 2014, from http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf