
AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


AlertBoot Endpoint Security


iPhone Encryption: FL Appeals Judge Says "OK" to Compel Password

A new iPhone encryption case is making the headlines. Unlike many of the controversial ones to date, I think it can safely be said that in this case, the courts were right in compelling the suspect to unlock his smartphone.  

Up-Skirt Videos

A voyeur – we'll call him John Doe, although his name was revealed by the media – was caught using his iPhone to film up-skirt footage of a woman at a mall. He ran when confronted but the police were able to track him down using security footage.

Doe initially agreed to a search of his smartphone but reneged at the last moment. A warrant was procured and granted for the phone, but Doe, one assumes, wouldn't cooperate when it came to accessing its contents. Doe, of course, is claiming his Fifth Amendment privileges.

After legal wrangling, a Florida appellate court judge ruled that Doe must unlock his phone.

Only Protected When It's Testimonial

The thing about the Fifth Amendment is that it's not legally ironclad, as I wrote back in 2012 regarding the Eleventh Circuit Court of Appeals ruling on decrypting hard drives and violating the Fifth. In that case, the court ruled that it was a Fifth Amendment violation; however, in a couple of other similar cases, the opposite was concluded.

I said that they all made sense in a non-contradictory manner. Why? Because of what's known as foregone conclusion. Remember, the Fifth Amendment was designed to prevent "fishing expeditions," which have been described as:

"[a] method of putting the accused upon his oath and compelling him to answer questions designed to uncover uncharged offenses, without evidence from another source."

This, in essence, is why compelling testimony against a person is unconstitutional: you arrest a guy for no reason, go through his personal life to see what charges you can stick on him (the "fishing") – if you can't find anything, then torture him so he'll confess under oath to something, either true or made up – and then jail him based on that. The Fifth exists to prevent things like this (the Brits used to do this a lot, so that's why its prohibition is enshrined in the US Constitution).

But what if it's not a fishing expedition? What if the government is (to extend the theme) "spearing a whale," i.e., aiming for something that they know exists or happened? Well, it's different then.

Because the government is not looking to find new evidence, or forcing a defendant to present new evidence that the government didn't know about, there is no violation of the Fifth. It's the difference between,

"Who did you kill and where did you stash the corpse?"
and
"Where is Mary's body? We have video footage of you putting it in your car's trunk and driving outside the city."

In the latter case, it's a foregone conclusion that you know where Mary's body is, and the government can prove it. Revealing what happened to Mary's body, and where it is, is not testimonial. You can claim the Fifth and not cooperate, but you won't get the actual legal protection (probably). On the other hand, forcing a suspect to do the same under the former is definitely testimonial.

That there are grey tones to the Fifth makes instinctual sense: If you're served with a warrant to examine the inside of your house, you don't claim the Fifth and stop the authorities from crossing the threshold. The law is legally allowed inside whether you like it or not.

Same goes for the blood samples, handwriting samples, DNA samples, voice recordings, or standing in a line up. All of these acts work against a guy and claiming the Fifth doesn't do squat.  

What About the Contents of the Mind?

You might be thinking, well, that's all well and good but wasn't there a legal maxim that you can be forced to turn over the keys to a strong box's lock but never if it's a combination lock where the "keys" don't exist? And isn't the iPhone's four-digit code more like a combo lock?

And the answer is "yes." As it turns out, though, all of that was part of a dissenting opinion (8 to 1, no less), so it's not precedent. Nevertheless, the judge in the voyeur's case made reference to it, and wondered whether differentiating between the two even makes sense, especially in this day and age.

But even if it did, foregone conclusion applies to things like passwords as well. In one case, a man crossed into the US with a laptop that contained kiddie porn. The border agent saw it and the guy was arrested. The laptop's encryption, however, kicked in afterwards. The man was ordered to decrypt the laptop by a court. Why? The government already knew that it was there. No fishing necessary.

In another case, a woman was recorded as saying that her laptop, which was already taken in as physical evidence, contained files that she didn't want the prosecutors to see. She also was ordered to decrypt her laptop. Why? The government already knew that it was there.

There have been many other instances where "things in one's mind" have been compelled to be produced by a court. It ultimately seems to come down to: is the government fishing for evidence or not?

In the voyeur's case, it appears that foregone conclusion kicks in. The cops have identified him and tracked him down. There is a witness (the woman who was wearing the skirt and confronted him). He ran when confronted. There is, apparently, footage of him at the mall (which explains how he was tracked down). A warrant was issued based on all of this. He pretty much all but admitted that the phone is his. And, as the judge noted, providing the PIN isn't testimonial – that is, it doesn't create new evidence nor would it be taken as admission of guilt.

There is very little wiggle room for John Doe here.  

Still, Problematic

The situation is not without problems, however. What if Doe doesn't remember his PIN? Then he'll be found in contempt of court for something he's truly unable to do. And that has to be just as bad as putting some guy in jail on trumped-up charges.

 

Related Articles and Sites:

http://courthousenews.com/florida-court-denies-protection-for-iphone-passcode/
http://www.bbc.com/news/technology-38303977
https://apple.slashdot.org/story/16/12/13/2047234/florida-court-says-suspected-voyeur-must-reveal-his-iphone-passcode-to-police
https://www.law.cornell.edu/supremecourt/text/487/201

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.