January 16, 2008
Enycryption In Child Porn Case Raises Constitutional Issues
The Washington Post is reporting on the Case of In Re Boucher, 2007 WL 4246473, decided November 29th 2007. Approximately a year before, on December 17, 2006, Boucher and his father crossed from Canada into the United States at a border station in Derby Line, Vermont. Boucher's car was subjected to inspection and the border agent viewed the contents of a laptop in the back seat of the car. The agent found suspected child pornography while viewing the contents of the laptop. The border agent contacted Special Agent Mark Curtis to continue the examination and questioning of Boucher.
Boucher made statements to the effect that he downloaded adult pornography and sometimes came across child pornography but promptly deletes it when he realizes its contents. Some of the files Agent Curtis saw in the directory were named in a manner that strongly suggested the content was, indeed, child pornography. He then asked Boucher to show him where his downloads were located on the laptop. Boucher navigated to drive Z where Agent Curtis located and viewed content that appeared to be adult and child pornography. After more examination, Boucher was arrested.
This would be a pretty straightforward case but for the fact that when government forensic experts examined the laptop, they could not get into drive Z because it was encrypted by Pretty Good Privacy (PGP) encryption software. The issue in the case was whether Boucher could be compelled to give up the password that allowed access to the drive. The obvious problem for the government and the court was the bar to self-incrimination as stated in the Fifth Amendment.
The government argued that it could compel Boucher to enter the password when no one was looking and give him immunity for the act of entering the password, which is different from using the underlying unencrypted content against him. The court rejected this argument by stating that by entering the password Boucher would be admitting that he knows what it is. This would be testimonial and barred by the Fifth Amendment.
There were variations on this argument of separating the act of providing the password to the production of the documents, but, with analysis, the court ultimately rejected all of them. The result was that court quashed the motion to compel. The government must get access to the hard drive without Boucher's involuntary cooperation.
Two lessons emerge. One is that PGP software is likely as good as the name implies in that government witnesses testified that there are no back doors or other hacks into encrypted material without the password. One assumes that having the laptop and mirrors of the drive in their possession that the government has made more than a casual attempt at cracking the encryption. On the other hand, the government may be attempting to establish a legal precedent before using hardened methods at gaining access. Why waste the effort when a court will give access.
This still has to go to the Second Circuit and possibly to the U.S. Supreme Court. The charged issue of child pornography and the possibility of terrorists using encryption are in the underlying context of an appeal. One point worth noting, however, is that PGP encryption software isn't exactly new compared to these "threats" of criminal activity. In fact, the government uses encryption for its own purposes, and would probably object if there were cracks that would leak its own documents. Banks and other entities that are required by law to protect sensitive documents have the same concern. The question is how to keep those levels of security available without compromising the Fifth Amendment when individuals are involved. I don't think that's possible. The Supreme Court can always surprise us. You never know, waterboarding may be an option when tortured logic is involved.
January 16, 2008 | Permalink
TrackBack URL for this entry:
Listed below are links to weblogs that reference Enycryption In Child Porn Case Raises Constitutional Issues:
If the US government were able to crack PGP messages, they would certainly not want to reveal that ability in a "simple" criminal case like this. Many people around the globe use PGP, and the ability to snoop on their conversations and files in secret is worth much more than convicting one person.
Posted by: Jerome | Jan 16, 2008 12:43:03 PM