Computer Crime and Encryption

Computer crime and encryption are important. A strong password, stronger encryption, and crime go together. The interests of the Government and the public are clear per  Darren Chaker who recites a few cases about technology and the evolving criminal landscape and invoking the Fifth Amendment. As a suspect will make efforts at counter forensics, the government will make a similar effort to counter those efforts to hide or delete evidence.  A well cited Massachusetts case states, “[t]he refusal of most courts to adopt an expansive interpretation of the privilege has undoubtedly stemmed in part from a concern for the severe constraints on law enforcement practices that would otherwise result.” Commonwealth v. Brennan, 386 Mass. 772, 776-783 (1982)  Expanding the privilege to cover compelled decryption would constrain law enforcement’s ability to obtain evidence concerning the wide range of crimes that involve digital media and encryption. In the words of one court:

The computer has become the modern criminal’s best friend. It is used to communicate to cohorts, ensnare victims, and      generally to prepare and orchestrate criminal conduct. The computer facilitates the terrorist organization’s ability to train its members, spread propaganda and case its targets, just as it helps the identity thief locate his victims, the pornographer to collect and view child pornography, and the fraudster to generate fake documents.

United States v. Vilar, 2007 WL 1075041, at 36 (S.D.N.Y. 2007) (unpublished).

“And, it is precisely because computer files can be intermingled and encrypted that the computer is a useful criminal tool.” Id.; accord, e.g., United States v. D’Amico, 734 F. Supp. 2d 321, 365 (S.D.N.Y. 2010) (quoting Vilar). The wide range of crimes as to which encryption seriously impedes enforcement is well documented. See, e.g., supra Section V.A (discussing Grand Jury Subpoena, Kirschner, and Boucher, which involved child pornography investigations); Hearing Before the Senate Select Committee on Intelligence, 107th Congress, 2002 WL 203187 (2002) (statement of Dale L. Watson, Executive Assistant Director, FBI) (referencing terrorism and other serious crimes); Senate Judiciary Subcommittee on Technology, Terrorism, Government Information, 105th Congress, Crime, Terror, & War 23 (1998) [hereinafter Senate Judiciary Report] (referencing organized crime, drug dealing, terrorism, and gambling);-Matthew Parker Voors, Encryption Regulation in the Wake of September 11, 2011, 55 Fed. Comm. L.J. 331 (2003) (cataloguing documented uses in terrorism); Andres Rueda, The Implications of Strong Encryption Technology on Money Laundering, 12 Alb. L.J. Sci. & Tech. 1 (2001) (discussing use in “every phase of the money laundering cycle”). As Darren demonstrates how to secure information, the availability of the technology also gives many the confidence to pursue bolder forms of crime, knowing that the evidence can be concealed. In short, to afford protection against compelled decryption is to strengthen a key tool for obstructing the enforcement of many criminal laws.

Darren Chaker explains Fifth Amendment

Darren Chaker, Fifth Amendment, passwords

The consequences could prove severe. One reason is that the impact of encryption technology on law enforcement is guaranteed to grow. With time, more activities will be carried out through digital media, more information will be stored on such media, and the use of encryption will become more prevalent. As a result, a greater portion of criminal conduct will be capable of being concealed technologically. See, e.g., Senate Judiciary Report, supra, at 23 (“[T]he numbers of criminals using encryption are doubling each year … [and] law enforcement agencies [heard from] … are in unanimous agreement that the widespread use of encryption ultimately will devastate our ability to fight crime and terrorism, unless we have built in public safety features.”); Ric Simmons, The New Reality of Search Analysis, 81 Miss. L.J. 991, 1007 (2012) (“[C]riminals are increasingly using advanced cryptography on their communications and data storage.”); Brendan M. Palfreyman, Lessons from the British and American Approaches to Compelled Decryption, 75 Brook. L. Rev. 345, 378 (2009) (“As the use of encryption becomes increasingly prevalent, governments will face a growing need to develop a comprehensive and coordinated response to situations where powerful encryption stands between the government and valuable evidence.”).

Furthermore, keeping encryption barriers impenetrable could enable whole categories of computer-dependent crime and conduct to go virtually unchecked. The Supreme Court reached a similar conclusion in an analogous situation. It observed that, in the area of white-collar crime, “‘[t]he greater portion of evidence of wrongdoing by an organization or its representatives is usually found in the official records and documents of that organization.”’ Braswell v. United States, 487 U.S. 99, 115-116 & n.9 (1988) (quoting United States v. White, 322 U.S. 694, 700 (1944)). Thus, the Court determined, “‘[w]ere the cloak of the privilege to be thrown around [the] impersonal records and documents [held by corporate records custodians], effective enforcement of many federal and state laws would be impossible.” Id.15. Similarly, as to criminal offenses and forms of activity that inherently involve computers, such as internet child pornography and computer hacking, “[t]he greater portion of evidence,” id., will be digital. Extending the privilege to provide protection against compelled decryption could render “effective enforcement” in these areas “impossible,” id.

Clearly as technology evolves police, prosecutors and government will continue to keep up. Likewise, the implication of the Fifth Amendment when an attempt to compel a password to decrypt information protected by the constitution is still a fairly new concept to the court and additional litigation will evolve to answer the questions as will encryption.

Fifth Amendment and Passwords, Encryption

Fifth Amendment, passwords, encryption. In a favorite quote, Darren Chaker , remarked, “ancient proposition of law” that generally “‘the public… has a right to every man’s evidence.”’ United States v. Nixon, 418 U.S. 683, 709-710 (1974) (quoting Branzburg v. Hayes, 408 U.S. 665, 688 (1972)). One “exception” is the protection against compulsory self-incrimination. Id.; see also, e.g., United States v. Burr (In re Willie), 25 F. Cas. 38, 39-40 (C.C. Va. 1807) (No. 14,692E) (Marshall, C.J., Cir. J.) (describing the protection as “one exception to the general rule… that every person is compellable to bear testimony in a court of justice”). In short, a Defendant is protected against only that which is compulsory, incriminating, and sufficiently testimonial. This post focuses on a line of cases that further distinguish what a defendant may be compelled to produce and when the Fifth Amendment is implicated.

This protection is guaranteed by the Fifth Amendment to the United States Constitution, which provides that “[n]o person… shall be compelled in any criminal case to be a witness against himself.” Counter forensic techniques provide assurance that private information remains private.

Nonetheless, both the federal and state guarantees provide protection against only that which is compulsory, incriminating, and testimonial. See, e.g., Baltimore City Dep’t of Soc. Servs. v. Bouknight, 493 U.S. 549, 554 (1990) (“Bouknight II”) (“The Fifth Amendment’s protection ‘applies only when the accused is compelled to make a testimonial communication that is incriminating.”’ (quoting Fisher v. United States, 425 U.S. 391, 408 (1976)));  To be deemed “compulsory,” speech or conduct must actually be made anew as a result of the government’s insistence. See, e.g., United States v. Hubbell, 530 U.S. 27, 35-36, 40 (2000); Fisher, 425 U.S. at 400, 409-10. Speech or conduct is “incriminating” for these purposes if it would in itself “support a conviction” or “furnish a link in the chain of evidence needed to prosecute the witness.” E.g., Hubbell, 530 U.S. at 43 (quoting Hoffman v. United States, 341 U.S. 479, 486 (1951)). A matter is “testimonial” only if it is communicative in nature and conveys knowledge or beliefs from an individual’s mind to the government. See Pennsylvania v. Muniz, 496 U.S. 582, 589-592 (1990) (describing concept in various terms); Doe v. United States,487 U.S. 201 (1988) (“Doe II”) (same).

Compelling a defendant to enter his encryption key would not require him to explicitly impart any information from his mind to the government. A defendant’s “directing the recipient of a communication to do something is not an assertion of fact or, at least in this context, a disclosure of information.” Doe II, 487 U.S. at 217.

Thus, contrary scant state appellate decisions, most cases focus where the government “force[s] a defendant to explain… seized materials”. It is also distinguishable from one in which a “subpoena call[ing] for [a d]efendant to testify to the password he utilizes for his computer” was found to violate his Fifth Amendment right. United States v. Kirschner, 823 F. Supp. 2d 665, 668-669 (E.D. Mich. 2010).

Computer Search Darren Chaker

Computer search, Darren Chaker

It is true that forms of conduct aside from speech and writing may be found testimonial if the actions themselves implicitly communicate information or beliefs to the government. Thus, when the form of conduct consists of producing records or other tangible items, it may be testimonial to the extent that the act of production itself constitutes an implicit assertion as to “the existence, possession, or authenticity of the things produced.” Bouknight II, 493 U.S. at 554; see also, e.g., Hubbell, 530 U.S. at 36 & n.19, 40-41 (indicating that “the act of production’ itself may implicitly communicate ‘statements of fact”’ and thus have “a compelled testimonial aspect,” a matter “distinct from the question whether the unprotected contents of the documents themselves are incriminating”; and that “[t]he Government correctly emphasizes that the testimonial aspect of a response to a subpoena duces tecum does nothing more than establish the existence, authenticity, and custody of items that are produced”).

Last, another situation is where a compelled assertion is “a foregone conclusion and the [defendant] adds little or nothing to the sum total of the Government’s information by conceding” it. Fisher, 425 U.S. at 411 (involving implied assertions regarding existence and location of documents). The principle is well recognized in Supreme Court jurisprudence. See Bouknight II, 493 U.S. at 555 (explaining that mother who was ordered to produce abused child could not “assert the privilege upon the theory that compliance would assert that the child produced is in fact [the one demanded] [,] a fact the State could readily establish, rendering any testimony regarding existence or authenticity insufficiently incriminating” (citing Fisher)); United States v. Doe, 465 U.S. 605, 614 n.13 (1984) (“Doe I”) (recognizing that, where individual claimed that act of producing documents would constitute set of admissions as to their existence, possession, and authenticity, the “Government was [not] foreclosed from rebutting [his] claim by producing evidence that [such matters] were a ‘foregone conclusion”’ (quoting Fisher)).

Encryption Secures More Than Just the Fifth Amendment

Encryption secures more than just the Fifth Amendment. Recently, Darren Chaker was to take part in a collegiate discussion why cryptography and the protections to privacy interests it provides are vital components of emerging global communications technologies. Having a background in law, forensics, and counter-forensics, several benefits concerning encryption were addressed.

Emerging computer and communications technologies are radically altering the ways in which we communicate and exchange information. Along with the speed, efficiency, and cost-saving benefits of the “digital revolution” come new challenges to the security and privacy of communications and information traversing the global communications infrastructure. As one commentator has observed, “the ease with which electronic mail messages can be intercepted by third parties means that communicating by public electronic mail systems, like the Internet, is becoming almost as insecure as talking in a crowded restaurant.” A. Michael Froomkin, The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. Pa. L. Rev. 709, 724 (1995) (footnote omitted). As the National Research Council’s Committee to Study Cryptography Policy (“NRC Committee”) recently noted, the threat to personal privacy is substantial:

Encrypt data, review with Darren Chaker

Encrypt data, keep it safe from all.

Increasing reliance on electronic commerce and the use of networked communication for all manner of activities suggest that more information about more people will be stored in network-accessible systems and will be communicated more broadly and more often, thus raising questions about the security of that information.

National Research Council, Cryptography’s Role in Securing the Information Society, § 1.5 (May 30, 1996) [hereinafter NRC Report]. Likewise, in a 1993 report to Congress, the General Accounting Office warned that “[t]he increased use of computer and communications systems by industry has increased the risk of theft of proprietary information.” GAO, Communications Privacy– Federal Policy and Actions, No. GAO/OSI-94-2, app. Sec. I:1 (1993).

In response to these challenges, the security mechanisms of traditional paper-based communications media –envelopes and locked filing cabinets — are being replaced by cryptographic security techniques. Through the use of cryptography, communication and information stored and transmitted by computers can be protected against interception to a very high degree. See, e.g., id.(“[E]ncryption is a primary-method of protecting valuable electronic information”). Until recently, there was little demand for encryption capabilities outside of the government. Modern encryption technology –a mathematical process involving the use of formulas (or algorithms) — was traditionally deployed most widely to protect the confidentiality of military and diplomatic communications. With the advent of the computer revolution, and recent innovations in the science of encryption, a new market for cryptographic products has developed. Electronic communications are now widely used in the civilian sector and have become an integral component of the global economy. Computers store and exchange an ever-increasing amount of highly personal information, including medical and financial data. In this electronic environment, the need for privacy-enhancing technologies is apparent. See,e.g., David Chaum, Achieving Electronic Privacy, Scientific American, Aug. 1992, at 96. Communications applications such as electronic mail and electronic fund transfers require secure means of encryption and authentication — features that can only be provided if cryptographic know-how is widely available and unencumbered by government regulation.

Although the technical details of cryptographic systems are quite complex, the underlying concepts can be easily grasped. Cryptography provides a means of accomplishing two crucial functions — encryption and authentication. Encryption is the process of encoding or “scrambling” the contents of any data or voice communication with an algorithm (a mathematical formula) and a randomly selected variable associated with the algorithm, known as a “key.” Only the intended recipient of the communication, who holds the key, can decrypt and access the information. The key is a string of numbers; the longer the string, the stronger the security. For example, the standard bank ATM personal identification number of four numbers would be more difficult to guess if it contained eight numbers. Each number that is added to a key dramatically increases the possible combinations. As such, more computing time and power are required to break the security of the encoded information.

The authentication capabilities of cryptographic systems involve the use of “digital signatures.” A digital signature is a cryptographically-based assurance that a particular file or message was created or transmitted by a given person. See generally ABA Science & Technology Section, Digital Signature Guidelines (1996). It thus provides a means of authenticating the integrity of electronically transmitted data and the identity of the sender, much as a handwritten signature verifies the authenticity of a paper record. Digital signatures also provide for the “non-repudiation” of electronic data — the inability to deny the authenticity of the transmitted information. As we move toward increased reliance on electronic communications — and the electronic filing of court pleadings –the importance of such capabilities is apparent.



Fifth Amendment, Encryption Software, Darren Chaker

Darren Chaker explains Fifth Amendment

How does the Fifth Amendment and encryption compliment each other. An article by Darren Chaker about the Fifth Amendment and ecryption and how forcing to disclose a password to bypass encryption often violates the Fifth Amendment, since compelling the Defendant to furnish his password would be testimonial, and thus would violate his rights against self-incrimination. There are several counter-forensic, methods to protecting information, which the government, corporations, and private people use legitimately. With the evolution of technology, the availability to secure information with military grade encryption often forces police to force a suspect to provide a password. This blog focuses on key cases and themes concerning this cutting edge counter to law enforcement. Under the Fifth Amendment, compelled communications that are testimonial and potentially incriminating are precluded by the privilege against self-incrimination. Schmerber v. California, 384 U.S. 757, 761 (1966).

When police seek to compel a communication from a suspect in the form of a password, the nature of this compelled action would, independently, violate the Fifth Amendment since compelled communication that furnishes evidence is a violation of the constitution. Further, the act of furnishing a password would be testimonial in nature in violation of the Fifth Amendment, since it would serve to provide evidence of ownership and control of a particular computer seized by the police, and could certainly imply knowledge and control of their contents. Encryption technology not only prohibits entry into a computer’s file structure but also provides distractions to mask the nature of the computer as encrypted, such as the appearance of an unlocked and operating computer.

Counter forensics software

Counter forensics by Darren Chaker reviews applications.

Simply turning on a computer does not typically satisfy the question of who owns the computer. Depictions of a particular computer’s screen does not necessarily create an inference of the Defendant’s ownership, control and use of the machine, because such images may be “prepared information” and not necessarily the computer’s desktop. It is common to ask the Defendant if the computer is his, if it is shared, or if he has exclusive use and control over it to denote dominion and control over its contents.

In several cases, the prosecutor would seek to compel the Defendant to unlock all encrypted devices found on the seized computer.  A presumption it is the Defendant who would admits to having the only password to his computer is common. Compelling the Defendant to unlock whichever computer is “his,” as would require the Defendant to select the particular computer to which he was referring and decrypt the files. To a more sophisticated Defendant, there is no evidence that he holds the passwords to the encrypted partition or hard drive – just that he has knowledge of their encrypted status. In a situation where multiple electronic devices are seized, the act of selecting a specific device of selecting the particular computer requires the use of the Defendant’s knowledge and thought process. Such a compelled extraction goes beyond a mere collection of physical evidence, such as fingerprints, DNA, or even handwriting exemplars. He would be forced to turn over his knowledge to be used against himself at trial. It is the physical expression of his knowledge that makes it constitutionally protected. As such, it is testimonial in nature. “An act is testimonial when the accused is forced to reveal his knowledge of facts relating him to the offense or from having to share his thoughts and beliefs with the government.” United States v. Kirschner, 823 F.Supp.2d 665 (E.D. Mich. 2010) (quoting Doe v. United States, 487 U.S. 201, 212 (1987)). Forcing a Defendant to reveal the passwords to the seized computers would communicate “that factual assertion to the government, and thus, is testimonial – it requires Defendant to communicate ‘knowledge, unlike the production of a handwriting sample or a voice exemplar. Id. at 669.

The Defendant has a right to refuse this request under the Fifth Amendment since it is the Defendant’s knowledge which is being tapped by the government.

The federal appeals court for the Eleventh Circuit has recently addressed the same issue in United States v. Doe, Nos. 11-12268 & 11-15421, 2012 U.S. App. LEXIS 3894 (11th Cir. Feb. 23, 2012), where the court held that a suspect can refuse to provide the password required to decrypt a hard drive on Fifth Amendment grounds. In that case, the defendant was suspected of child pornography and his encrypted computers and hard drives were seized from his hotel room by the government, who then subpoenaed him to furnish the password to decrypt them. Id. at 6-7. The Eleventh Circuit found that the decryption and production of the contents of these computers and hard drives would have been the equivalent of self-incriminating testimony, even if the files themselves were not testimonial. Id. at 11. The court stated that “an act of production can be testimonial when that act conveys some explicit or implicit statement of fact that certain materials exist, are in the subpoenaed individual’s possession or control, or are authentic.” Id. at 20. The court added that “the touchstone of whether an act of production is testimonial is whether the government compels the *16 individual to use ‘the contents of his own mind’ to explicitly or implicitly communicate some statement of fact.” Id. at 20 (quoting Curcio v. United States, 354 U.S. 118 (1957)).

The Doe opinion acknowledged two exceptions: (1) when the government compelled a physical act that does not require an individual to “make use of the contents of his or her mind” and (2) under the foregone conclusion doctrine, if the government can show with “reasonable particularity” that, at the time it sought *17 to compel the act of production, it already knows of the materials, thereby making any testimonial aspect a “forgone conclusion.” Id. at 21. In Doe, the government could establish neither exception.

Under the first exception in Doe, the court ruled “that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the drives.” Id. at 22.

Under the second exception in Doe, the foregone conclusion doctrine, the court found that the government did not have any evidence that any incriminating evidence or files existed on the hard drive or even know whether the defendant had access to the encrypted parts of the drives. Id. at 23. The court distinguished United States v. Fricosu, No. 10-CR-00509 (D. Colo. Jan. 23, 2012), where the government knew that the defendant had specific encrypted contents on his computer from conversations recorded with her ex-husband and alleged co-conspirator, and thus had independent knowledge of the contents, location, or existence of the sought-after documents. Doe at 28.

Similarly, in United States v. Hubbell, 530 U.S. 27, 44-45 (2000), the Court held that Hubbell’s act of production was sufficiently testimonial to trigger Fifth Amendment protection since his knowledge of the implicit testimonial facts associated with his act of production was not a foregone conclusion. In doing so, the Court distinguished  Fisher v. United States, 425 U.S. 391 (1976), in which the production of tax records was a foregone conclusion since the government could have obtained the records from a legitimate source wholly independent of the compelled testimony. Specifically, in Fisher the government already knew the documents were in the attorneys’ possession and could independently confirm their existence and authenticity through the accountants who created them. Hubbell, 530 U.S. at 44-45.

Last, in Hubbell, by contrast, the government could not show that it had prior knowledge of either the existence or the whereabouts of the documents ultimately produced by the respondent, nor could the government cure this deficiency through the overbroad argument that a businessman will always process general business and tax records that fall within the broad categories of a subpoena. Id. Thus, in Fisher the act of production was not testimonial because the government had knowledge of each fact that had the potential of being testimonial, whereas in Hubbell there was testimony in the production of the documents since the government had no knowledge of the existence of documents, other than a suspicion that documents likely existed and, if they did exist, that they would fall within the broad categories requested. Id.