Computerworld - A federal judge in Vermont has ordered a man charged with transporting child pornography on his computer to open and produce before a grand jury the contents of an encrypted hard drive that's alleged to contain explicit images involving minors.
Sebastien Boucher, a Canadian citizen who is now a legal permanent resident of the U.S. living in Derry, N.H., had earlier been resisting attempts by the government to access the encrypted hard drive, citing Fifth Amendment protections against self-incrimination. A magistrate court judge in Vermont in November 2007 had granted a motion by Boucher to quash a grand jury subpoena in the case on those grounds. However, U.S. District Court Judge William Sessions' ruling on Feb. 20 upholds an appeal by the government asking for that motion to be overthrown.
Boucher was arrested in December 2006 at the Canadian border in Derby Line, Vt., after customs agents allegedly discovered several image files involving child pornography on the computer, including in an encrypted portion of his hard disk that Boucher led them to.
When creating a mirror image of the contents of the laptop a few weeks later, an officer at the Vermont Department of Corrections discovered he could not access a portion of the hard disk containing the images because it had been protected using encryption. Boucher refused to comply with a grand jury subpoena ordering him to turn over the decryption key, saying that doing so would be tantamount to self-incrimination and therefore a violation of his Fifth Amendment rights.
Magistrate Judge Jerome Niedermeier, who originally heard the case in November 2007, granted Boucher's motion to quash the grand jury subpoena. In explaining his decision, Niedermeier said that compelling Boucher to enter the password would force him to produce evidence that could be used to incriminate him. "By entering the password, Boucher would be disclosing the fact that he knows the password and has control over the files [on the encrypted drive]," Niedermeier wrote. "If Boucher does know the password, he would be faced with the forbidden trilemma: incriminate himself, lie under oath, or find himself in contempt of court."
In appealing that ruling, prosecutors modified their original request and noted that they did not, in fact, want the password for the encrypted hard drive, but merely wanted Boucher to produce its contents in an unencrypted fashion in front of a grand jury. The appeal asked Sessions to overthrow the motion quashing the subpoena.
In upholding that appeal, Sessions wrote that the act of producing documents in response to a subpoena can be considered incriminating only when the existence of the subpoenaed material is previously unknown to the government or where production would implicitly authenticate the documents.
"Where the existence and location of the documents are known to the government, no constitutional rights are touched," Sessions wrote, citing a previous case. The judge noted the fact that Boucher had accessed the encrypted files in the presence of the customs agent, who then also had viewed some of them and had discovered them to contain pornographic material involving children.
As a result, the government already knew of the existence and location of the files containing the incriminating evidence, he said. Similarly, the mere act of Boucher producing an unencrypted version of his drive is not necessary to authenticate it because Boucher himself has admitted to possession of the computer, the Judge wrote in his five-page ruling upholding the government's appeal.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
