Judge upholds efforts to compel individual to decrypt drive in child pornography case
The accused had sought Fifth Amendment protections against self-incrimination
Computerworld - A federal judge in Vermont has ordered a man charged with transporting child pornography on his computer to open and produce before a grand jury the contents of an encrypted hard drive that's alleged to contain explicit images involving minors.
Sebastien Boucher, a Canadian citizen who is now a legal permanent resident of the U.S. living in Derry, N.H., had earlier been resisting attempts by the government to access the encrypted hard drive, citing Fifth Amendment protections against self-incrimination. A magistrate court judge in Vermont in November 2007 had granted a motion by Boucher to quash a grand jury subpoena in the case on those grounds. However, U.S. District Court Judge William Sessions' ruling on Feb. 20 upholds an appeal by the government asking for that motion to be overthrown.
Boucher was arrested in December 2006 at the Canadian border in Derby Line, Vt., after customs agents allegedly discovered several image files involving child pornography on the computer, including in an encrypted portion of his hard disk that Boucher led them to.
When creating a mirror image of the contents of the laptop a few weeks later, an officer at the Vermont Department of Corrections discovered he could not access a portion of the hard disk containing the images because it had been protected using encryption. Boucher refused to comply with a grand jury subpoena ordering him to turn over the decryption key, saying that doing so would be tantamount to self-incrimination and therefore a violation of his Fifth Amendment rights.
Magistrate Judge Jerome Niedermeier, who originally heard the case in November 2007, granted Boucher's motion to quash the grand jury subpoena. In explaining his decision, Niedermeier said that compelling Boucher to enter the password would force him to produce evidence that could be used to incriminate him. "By entering the password, Boucher would be disclosing the fact that he knows the password and has control over the files [on the encrypted drive]," Niedermeier wrote. "If Boucher does know the password, he would be faced with the forbidden trilemma: incriminate himself, lie under oath, or find himself in contempt of court."
In appealing that ruling, prosecutors modified their original request and noted that they did not, in fact, want the password for the encrypted hard drive, but merely wanted Boucher to produce its contents in an unencrypted fashion in front of a grand jury. The appeal asked Sessions to overthrow the motion quashing the subpoena.
In upholding that appeal, Sessions wrote that the act of producing documents in response to a subpoena can be considered incriminating only when the existence of the subpoenaed material is previously unknown to the government or where production would implicitly authenticate the documents.
"Where the existence and location of the documents are known to the government, no constitutional rights are touched," Sessions wrote, citing a previous case. The judge noted the fact that Boucher had accessed the encrypted files in the presence of the customs agent, who then also had viewed some of them and had discovered them to contain pornographic material involving children.
As a result, the government already knew of the existence and location of the files containing the incriminating evidence, he said. Similarly, the mere act of Boucher producing an unencrypted version of his drive is not necessary to authenticate it because Boucher himself has admitted to possession of the computer, the Judge wrote in his five-page ruling upholding the government's appeal.
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- Reducing the cost and complexity of endpoint management IBM now offers simpler, more affordable solutions for improving endpoint security, patch compliance, lifecycle management and power management within midsized organizations. Read this...
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Endpoint Security White Papers | Webcasts