Skip Navigation

Forced Decryption of Data

Can the United States government (or a state government) compel a person to reveal his or her encryption key or password? If not, can the government force a person to provide a decrypted copy of encrypted data as part of a criminal investigation? In this lesson, we’re going to look at some case law related to these questions.1

Page Contents

Video Lecture


Watch at Internet Archive

The 5th Amendment

“No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”2

In terms of understanding the issue of forced decryption, the relevant part of the 5th Amendment is the “nor shall be compelled in any criminal case to be a witness against himself” statement. Over the years, the courts have struggled with the issue of whether or not disclosure of an encryption key or passphrase is testimonial. Furthermore, even if the key or passphrase is part of the contents of one’s mind, and is therefore held to be testimonial, is forced disclosure of the unencrypted contents of the encrypted data testimonial? In other words, could a person be given the right to maintain the secrecy of their encryption passphrase but be forced to enter that passphrase to provide access to an encrypted piece of data?

The key term here is testimonial. In Hoffman v. United States (1951), a suspect with prior criminal history refused to disclose information about his current occupation, contacts, and connections. The suspect was held in contempt of court for refusing to make the disclosure, and he was imprisoned as a result. Upon appeal to the United States Supreme Court, the contempt charge was overturned:

“The privilege against self-incrimination guaranteed by the Fifth Amendment extends not only to answers that would in themselves support a conviction under a federal criminal statute, but also to those which would furnish a link in the chain of evidence needed to prosecute the claimant for a federal crime.”3

United States v. Hubbell (2000)

Almost 50 years after the Hoffman case, the independent prosecutor investigating the Clinton-era Whitewater controversy attempted a creative end-run around the Hoffman definition of fifth amendment protections. In this case, Webster Hubbell was granted “act of production” immunity to provide over 13,000 pages of records in response to a grand jury subpoena, after Hubbell initially refused on 5th Amendment grounds. After reviewing the documents, the prosecutor charged Hubbell with federal crimes that were substantiated by the contents of the documents.

In the ensuing court case, the prosecutor argued that the immunity granted to Hubbell only extended to protecting him from charges related to the production of the documents, not to the contents of those documents. SCOTUS dismissed the indictment, stating that “[t]he testimonial aspect of respondent’s act of production was the first step in a chain of evidence leading to this prosecution” and that “the Government has shown no prior knowledge of either the existence or the whereabouts of the documents ultimately produced here.”4

The precedent set in the Hubbell case restates and clarifies the Hoffman decision by requiring that the government must know in advance both that a certain piece of evidence exists and its location before a defendant can be compelled to produce that evidence. If the government does not have actual knowledge that the evidence exists, or they cannot say where the evidence is located without first seeing it, then Hubbell asserts a 5th Amendment right against disclosure. These two requirements are essential for understanding the next several cases.

In re Boucher (2009)

In 2009, a case came before the United States District Court in the District of Vermont. Sebastien Boucher, a Canadian citizen, crossed the Canada-United States border and was selected for a secondary inspection. This inspection included a search of his laptop computer, which was powered on and unlocked. In the process of completing the inspection, the border agent spotted a file on the computer with a name suggestive of sexual abuse imagery involving a toddler.5 Upon questioning, Boucher admitted to downloading large quantity of pornography from file sharing sites, but stated that he would delete any underage content he found in the downloads. Boucher was subsequently arrested, and his laptop was seized and powered off.

Upon conducting a forensic investigation, the laboratory personnel found that the evidence was stored inside a fully encrypted container, which Boucher refused to open. The government thus proceeded to seek an order from a federal magistrate judge to compel Boucher to provide an unencrypted copy of the evidence. In seeking the order, the government offered act-of-production immunity to Boucher to work around the 5th Amendment, in spite of Hubbell. Based upon prior case law, the magistrate judge refused to grant the order, writing:

“Entering a password into the computer implicitly communicates facts. By entering the password[,] Boucher would be disclosing the fact that he knows the password and has control over the files on drive Z. The procedure is equivalent to asking Boucher, “Do you know the password to the laptop?” If Boucher does know the password, he would be faced with the forbidden trilemma[:] incriminate himself, lie under oath, or find himself in contempt of court.”6

The District Court reversed the Magistrate’s ruling and granted the order, ruling that the “foregone conclusion” doctrine applied. In issuing this ruling, the court stated:

“Boucher accessed the Z drive of his laptop at the ICE agent’s request. The ICE agent viewed the contents of some of the Z drive’s files, and ascertained that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the Z drive and its files. Again providing access to the unencrypted Z drive “adds little or nothing to the sum total of the Government’s information” about the existence and location of files that may contain incriminating information.”

Boucher did not appeal the case further, instead reaching a plea agreement with the prosecution. He was subsequently sentenced to 37 months in prison and five years of probation. As part of the plea agreement, the government agreed not to prosecute Boucher for any additional files found among the unencrypted data, which Boucher produced as part of the agreement. He was therefore convicted based only upon the evidence viewed by the border patrol agent, and not for the additional 2,000 child abuse images or the 118 abusive videos found after production.8

United States v. Kirschner (2010)

In contrast to In re Boucher, a case in the United States District Court for the Eastern District of Michigan led to a different outcome. Defendant Thomas Kirschner was indicted by a grand jury for receipt of child abuse images, a federal crime. The U.S. Attorney prosecuting the case then issued a subpoena to Kirschner, ordering him to turn over all passwords to his computer system, so that the government could access his encrypted data. Kirschner then filed a motion with the District Court to quash the subpoena, which was granted, citing Hubbell. The court wrote:

“In this case, the government is not seeking documents or objects – it is seeking testimony from the Defendant, requiring him to divulge through his mental processes his password – that will be used to incriminate him.”9

The key difference between Kirschner and In re Boucher, is that the government sought to obtain files it already knew were present in the latter case. In the former case, the government wanted to go on a fishing expedition to find whatever evidence it could locate on the suspect’s computer, without first knowing whether or not the evidence even existed (not to mention where it was located). Had Kirschner been forced to provide his passwords, he would have been furnishing a link in the chain required to substantiate charges against them – a link that the government did not already have.

United States v. Fricosu (2012)

In yet another case involving digital evidence and encryption, the government suspected Ramona Fricosu of mortgage fraud. Finding part of her hard drive to be encrypted, the government sought a production order requiring Fricosu to provide an unencrypted copy of the contents of the encrypted files. In this case, the court granted the order, citing the All Writs Act. The key to this case was the government had access to a telephone conversation between Fricosu and her ex-husband, who was incarcerated at the time. In that conversation, Fricosu admitted that the files existed and were indeed stored on her laptop. The court therefore concluded that “[t]here is little question here but that the government knows of the existence and location of the computer’s files.”10

Since the government knew the existence and location of the files, the court ruled that the 5th Amendment protections (as articulated in Hubbell) did not apply. Although Fricosu’s attorney petitioned the court for reconsideration, the matter rapidly became moot after the ex-husband provided a list of possible passwords to investigators, and one of those passwords successfully decrypted the evidence.11 Fricosu subsequently pleaded guilty and was sentenced to 37 months imprisonment, 5 years probation, and over $1.5 million in restitution.12

While a quick Internet search of this case yields plenty of articles with catchy headlines about the government being able to force a person to decrypt data, the actual facts of the case do not support such a conclusion. First, the fact that the government knew about both the existence and location of the evidence negated the testimonial nature of production, as provided under Hubbell. Second, the entire issue became moot once a third party supplied the passphrase for the encryption system. Ultimately, the 5th Amendment didn’t even come into play, since the evidence was obtained without the defendant’s cooperation.

United States v. Doe (2012)

Our final case is that of a man in Florida who filed his appeal anonymously (which, in the federal court, is normally filed as John Doe for a man or Jane Roe for a woman). As part of an investigation into the trafficking of child abuse materials, law enforcement traced the defendant (“Doe”) to a hotel and seized several computers and external hard drives pursuant to a search warrant. Upon forensic examination, it was determined that all the drives were encrypted using TrueCrypt. A grand jury issued a subpoena to require Doe to produce an unencrypted copy of all the data, which he refused to do. The District Court, holding that the act of producing the unencrypted copy of the data was not testimonial, held Doe in contempt and ordered him imprisoned.

After several months in jail, the 11th Circuit Court of Appeals heard Doe’s appeal of the contempt order, released him from custody, and ruled that “Doe’s decryption and production of the hard drives’ contents would be testimonial, and that such protection would extend to the Government’s use of the drives’ contents.”13 In asserting that the District Court erred in holding Doe in contempt, the Circuit Court cited the Hoffman, Hubbell, In re Boucher, and Fricosu cases, among others. The Circuit Court further wrote:

“We find no support in the record for the conclusion that the Government, at the time it sought to compel production, knew to any degree of particularity what, if anything, was hidden behind the encrypted wall.
“In short, we conclude that Doe would certainly use the contents of his mind to incriminate himself or lead the Government to evidence that would incriminate him if he complied with the district court’s order. Moreover, the Government has failed to show any basis, let alone shown a basis with reasonable particularity, for its belief that encrypted files exist on the drives, that Doe has access to those files, or that he is capable of decrypting the files. The ‘foregone conclusion’ doctrine does not apply under these facts.
“The Fifth Amendment protects Doe’s refusal to decrypt and produce the contents of the media devices because the act of decryption and production would be testimonial, and because the Government cannot show that the ‘foregone conclusion’ doctrine applies.”13

Conclusions … For Now

Based on the Doe case and the other previously cited cases, it appears unlikely that the government would be able to force a person to decrypt data unless the government already knew about the existence and location of that data. However, nothing stops the government from decrypting the data using purely technological means, such as brute-forcing a weak passphrase. Furthermore, if the decryption key or passphrase can be obtained through another means, such as a live acquisition tool, voluntary disclosure by the suspect, or voluntary disclosure by a third party, the government can still access and use the decrypted data as evidence.

It is especially concerning that government attorneys would try to weaken the safeguards provided by the 5th Amendment, as shown by the act-of-production immunity granted in cases such as In re Boucher (and Doe, if one reads further in the Circuit Court opinion13). The idea behind this type of immunity is that the government is trying to reassure the defendant that they will not be charged based upon the mere act of producing the requested data. However, act-of-production immunity explicitly tries to make the produced data fair game for additional charges or as evidence pointing to guilt. It seems that Hubbell precludes such use, and Hubbell was decided more than a decade before Doe!

Now you might be thinking that the cases cited here are extreme examples: Fricosu pled guilty to mortgage fraud, while Boucher, Kirschner, and Doe were accused of particularly heinous crimes. Shouldn’t the government use every available tool to prosecute a child abuser or a terrorist? Why should we care about these particular cases?

The answer to those questions is simple. Remember that our legal system follows the principle of stare decisis. Once the government manages to get the court, particularly the Supreme Court, to allow something in one case, they can cite that case as precedent to allow the same thing to be done in any future case. Cases involving terrorism or child abuse tend not to result in much sympathy from the public, so there is unlikely to be much outrage if the government manages to restrict a defendant’s rights in one of these cases. However, that reduction of rights will then apply in all cases moving forward (no matter how minor), granting the government far more power to intrude into a person’s thoughts. A weakening of 5th Amendment protections for digital devices would become especially problematic today, as we often use these devices as an extension of our own minds.14

Notes and References

  1. Disclaimer: I am not a lawyer, and no part of this lesson constitutes legal advice. This work is based upon research into laws and cases applicable in the State of South Carolina, United States of America, for the purpose of studying digital forensics. Laws and legal practices vary from jurisdiction to jurisdiction, and both case law and statutes can change at any time. Consult a licensed attorney if you have legal questions. 

  2. Congressional Research Service. “Fifth Amendment to the United States Constitution.” Constitution Annotated 

  3. Hoffman v. United States, 341 U.S. 479 (1951). 

  4. United States v. Hubbell, 530 U.S. 27 (2000). 

  5. The actual filename is present in the case documents but is disturbing, so I have not reproduced it here. 

  6. In Re Boucher. United States District Court for the District of Vermont. 2007 WL 4246473. 

  7. In re Grand Jury Subpoena to Sebastien Boucher. United States District Court for the District of Vermont. No. 2:06-mj-91, 2009 WL 424718. 

  8. Canadian Broadcasting Corporation. “Quebec man sentenced in U.S. child porn case.” CBC News. January 22, 2010. Article 

  9. United States v. Kirschner. United States District Court for the Eastern District of Michigan. 823 F.Supp.2d 665. 

  10. United States v. Fricosu. United States District Court for the District of Colorado. 841 F.Supp.2d 1232. 

  11. John Ingold. “Feds unlock suspect’s computer without her help.” The Denver Post. March 1, 2012. Article 

  12. United States of America v. Ramona Camelia Fricosu. Amended Judgment in a Criminal Case. 10-cr-00509-REB-02. Document 453. Filed September 13, 2013. 

  13. In Re: Grand Jury Subpoena, Duces Tecum Dated March 25, 2011, United States of America v. John Doe. United States Court of Appeals for the Eleventh Circuit. 670 F.3d 1335. 

  14. Stephen B. Wicker. “Smartphones, Contents of the Mind, and the Fifth Amendment.” Communications of the ACM 61(4), 28-31. April 2018. Electronic Version 

Police Interviews

Ethics in Digital Forensics
Acquisition and Custody of Evidence
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.