Judge upholds efforts to compel individual to decrypt drive in child pornography case
The accused had sought Fifth Amendment protections against self-incrimination
Computerworld - A federal judge in Vermont has ordered a man charged with transporting child pornography on his computer to open and produce before a grand jury the contents of an encrypted hard drive that's alleged to contain explicit images involving minors.
Sebastien Boucher, a Canadian citizen who is now a legal permanent resident of the U.S. living in Derry, N.H., had earlier been resisting attempts by the government to access the encrypted hard drive, citing Fifth Amendment protections against self-incrimination. A magistrate court judge in Vermont in November 2007 had granted a motion by Boucher to quash a grand jury subpoena in the case on those grounds. However, U.S. District Court Judge William Sessions' ruling on Feb. 20 upholds an appeal by the government asking for that motion to be overthrown.
Boucher was arrested in December 2006 at the Canadian border in Derby Line, Vt., after customs agents allegedly discovered several image files involving child pornography on the computer, including in an encrypted portion of his hard disk that Boucher led them to.
When creating a mirror image of the contents of the laptop a few weeks later, an officer at the Vermont Department of Corrections discovered he could not access a portion of the hard disk containing the images because it had been protected using encryption. Boucher refused to comply with a grand jury subpoena ordering him to turn over the decryption key, saying that doing so would be tantamount to self-incrimination and therefore a violation of his Fifth Amendment rights.
Magistrate Judge Jerome Niedermeier, who originally heard the case in November 2007, granted Boucher's motion to quash the grand jury subpoena. In explaining his decision, Niedermeier said that compelling Boucher to enter the password would force him to produce evidence that could be used to incriminate him. "By entering the password, Boucher would be disclosing the fact that he knows the password and has control over the files [on the encrypted drive]," Niedermeier wrote. "If Boucher does know the password, he would be faced with the forbidden trilemma: incriminate himself, lie under oath, or find himself in contempt of court."
In appealing that ruling, prosecutors modified their original request and noted that they did not, in fact, want the password for the encrypted hard drive, but merely wanted Boucher to produce its contents in an unencrypted fashion in front of a grand jury. The appeal asked Sessions to overthrow the motion quashing the subpoena.
In upholding that appeal, Sessions wrote that the act of producing documents in response to a subpoena can be considered incriminating only when the existence of the subpoenaed material is previously unknown to the government or where production would implicitly authenticate the documents.
"Where the existence and location of the documents are known to the government, no constitutional rights are touched," Sessions wrote, citing a previous case. The judge noted the fact that Boucher had accessed the encrypted files in the presence of the customs agent, who then also had viewed some of them and had discovered them to contain pornographic material involving children.
As a result, the government already knew of the existence and location of the files containing the incriminating evidence, he said. Similarly, the mere act of Boucher producing an unencrypted version of his drive is not necessary to authenticate it because Boucher himself has admitted to possession of the computer, the Judge wrote in his five-page ruling upholding the government's appeal.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- Mitigating Multiple DDoS Attack Vectors It's time to rethink and refine the enterprise security architecture, so organizations can remain agile and resilient against future threats. Download this infographic...
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Reducing the cost and complexity of endpoint management IBM now offers simpler, more affordable solutions for improving endpoint security, patch compliance, lifecycle management and power management within midsized organizations. Read this...
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Endpoint Security White Papers | Webcasts