Thursday, February 22, 2018
Aloni Cohen and Sunoo Park (Massachusetts Institute of Technology (MIT) and Massachusetts Institute of Technology (MIT)) have posted Compelled Decryption and the Fifth Amendment: Exploring the Technical Boundaries on SSRN. Here is the abstract:
Law enforcement access to encrypted data has lately been a topic of increasing interest. This article examines how the legality of governmentally compelled decryption can be surprisingly sensitive to technological nuances. As one example, precedent in the U.S. has well-nigh established that under the Fifth Amendment, fingerprint-based device unlocking may be compelled while password-based device unlocking is significantly more difficult to compel. How does such technological sensitivity of judicial outcomes arise? What are the implications of the notoriously fast pace of technological development, and unpredictability of future technologies, as the amount of encrypted digital data held by and about individuals continues to grow?
The first part of this article overviews the reasoning behind a collection of cases that have shaped the doctrine to date on compelled decryption and the Fifth Amendment, and categorizes past cases into four archetypal patterns. The second part of the article examines the sensitivity of the doctrine to technological change by means of "technological hypotheticals:" that is, by identifying assumptions implicit in courts' analyses to date regarding the nature of the encryption technology involved, and considering the potential impact of realistic variant technologies (such as special types of encryption) that could challenge those assumptions. The third part of the article revisits the doctrine and the ongoing challenge faced by courts of reaching robust decisions whose underlying reasoning will remain unequivocal and relevant in the face of future technological developments. Towards addressing this challenge, some specific analytical approaches and technical considerations are distilled. Finally, the fourth part, inspired by the importance of the concept of existence in Fifth Amendment doctrine as influentially set forth in Fisher v. United States, discusses the nature of existence of encrypted data and passwords as distinct from that of more tangible objects, accentuating some challenges of applying precedent set in the physical domain to digital information.