Judge upholds efforts to compel individual to decrypt drive in child pornography case
The accused had sought Fifth Amendment protections against self-incrimination
Computerworld - A federal judge in Vermont has ordered a man charged with transporting child pornography on his computer to open and produce before a grand jury the contents of an encrypted hard drive that's alleged to contain explicit images involving minors.
Sebastien Boucher, a Canadian citizen who is now a legal permanent resident of the U.S. living in Derry, N.H., had earlier been resisting attempts by the government to access the encrypted hard drive, citing Fifth Amendment protections against self-incrimination. A magistrate court judge in Vermont in November 2007 had granted a motion by Boucher to quash a grand jury subpoena in the case on those grounds. However, U.S. District Court Judge William Sessions' ruling on Feb. 20 upholds an appeal by the government asking for that motion to be overthrown.
Boucher was arrested in December 2006 at the Canadian border in Derby Line, Vt., after customs agents allegedly discovered several image files involving child pornography on the computer, including in an encrypted portion of his hard disk that Boucher led them to.
When creating a mirror image of the contents of the laptop a few weeks later, an officer at the Vermont Department of Corrections discovered he could not access a portion of the hard disk containing the images because it had been protected using encryption. Boucher refused to comply with a grand jury subpoena ordering him to turn over the decryption key, saying that doing so would be tantamount to self-incrimination and therefore a violation of his Fifth Amendment rights.
Magistrate Judge Jerome Niedermeier, who originally heard the case in November 2007, granted Boucher's motion to quash the grand jury subpoena. In explaining his decision, Niedermeier said that compelling Boucher to enter the password would force him to produce evidence that could be used to incriminate him. "By entering the password, Boucher would be disclosing the fact that he knows the password and has control over the files [on the encrypted drive]," Niedermeier wrote. "If Boucher does know the password, he would be faced with the forbidden trilemma: incriminate himself, lie under oath, or find himself in contempt of court."
In appealing that ruling, prosecutors modified their original request and noted that they did not, in fact, want the password for the encrypted hard drive, but merely wanted Boucher to produce its contents in an unencrypted fashion in front of a grand jury. The appeal asked Sessions to overthrow the motion quashing the subpoena.
In upholding that appeal, Sessions wrote that the act of producing documents in response to a subpoena can be considered incriminating only when the existence of the subpoenaed material is previously unknown to the government or where production would implicitly authenticate the documents.
"Where the existence and location of the documents are known to the government, no constitutional rights are touched," Sessions wrote, citing a previous case. The judge noted the fact that Boucher had accessed the encrypted files in the presence of the customs agent, who then also had viewed some of them and had discovered them to contain pornographic material involving children.
As a result, the government already knew of the existence and location of the files containing the incriminating evidence, he said. Similarly, the mere act of Boucher producing an unencrypted version of his drive is not necessary to authenticate it because Boucher himself has admitted to possession of the computer, the Judge wrote in his five-page ruling upholding the government's appeal.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Endpoint Security White Papers | Webcasts