Does 5th Amendment Protect Porn Passwords?

An Encrypted Laptop Poses A Constitutional Dilemma In Vermont Child-Pornography Case

(AP)  When Sebastien Boucher stopped at the U.S.-Canadian border, agents who inspected his laptop said they found files containing child pornography.

But when they tried to examine the images after his arrest, authorities were stymied by a password-protected encryption program.

Now Boucher is caught in a cyber-age quandary: The government wants him to give up the password, but doing so could violate his constitutional right against self-incrimination by revealing the contents of the files.

Experts say the case could have broad computer privacy implications for people who cross borders with computers, PDAs and other devices that are subject to inspection.

"It's a very, very interesting and novel question, and the courts have never really dealt with it," said Lee Tien, an attorney with the Electronic Frontier Foundation, a San Francisco-based group focused on civil liberties in the digital world.

For now, the law's on Boucher's side: A federal magistrate here has ruled that forcing Boucher to surrender the password would be unconstitutional.

The case began Dec. 17, 2006, when Boucher and his father were stopped at a Derby Line, Vermont, checkpoint as they entered the United States.

Boucher, a 30-year-old Canadian citizen who lives in Derry, New Hampshire, cooperated with agents, telling them he downloads pornography from news groups and sometimes unknowingly acquires images that contain child pornography.

Boucher said he deletes those images when he realizes it, according to an affidavit filed by Immigration and Customs Enforcement.

At the border, he helped an agent access the computer for an initial inspection, which revealed files with names such as "Two year old being raped during diaper change" and "pre teen bondage," according to the affidavit.

Boucher, was accused of transporting child pornography in interstate or foreign commerce, which carries up to 20 years in prison. He is free on his own recognizance.

The laptop was seized, but when an investigator later tried to access a particular drive, he was thwarted by encryption software from a company called Pretty Good Privacy, or PGP.

A grand jury subpoena to force Boucher to reveal the password was quashed by federal Magistrate Jerome Niedermeier on Nov. 29.

"Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop," Niedermeier wrote. "The password is not a physical thing. If Boucher knows the password, it only exists in his mind."

Niedermeier said a Secret Service computer expert testified that the only way to access Boucher's computer without knowing the password would be to use an automated system that guesses passwords, but that process could take years.

The government has appealed the ruling.

Neither defense attorney James Budreau nor Vermont U.S. Attorney Thomas Anderson would discuss the charge.

"This has been the case we've all been expecting," said Michael Froomkin, a professor at the University of Miami School of Law. "As encryption grows, it was inevitable there'd be a case where the government wants someone's keys."

Authorities have encountered such dilemmas before, but have used other methods to learn passwords, including installing surveillance devices that capture keyboard commands. Sometimes investigators have given up before a case reached the courts.

In a 2002 case, the FBI used a keyboard program to obtain gambling records from the computer of Nicodemo Scarfo, Jr., the son of a jailed New Jersey mob boss.

In another case, an officer found child pornography on the laptop of a man who flew into Los Angeles International Airport from the Philippines. But a federal judge later suppressed the evidence, ruling that electronic storage devices are extensions of the human memory and should not be opened to inspection without cause.

That case did not hinge on a password, though.

Orin Kerr, a law professor and computer crime expert at George Washington University, said the distinction that favors the government in Boucher's case is that he initially cooperated and let the agent look at some of the laptop's contents.

"The government can't make you give up your encryption password in most cases. But if you tell them you have a password and that it unlocks that computer, then at that point you no longer have the privilege," he said.

Tien, the attorney with the Electronic Frontier Foundation, said a person's right to keep a password secret is a linchpin of the digital age.

Encryption is "really the only way you can secure information against prying eyes," he said. "If it's too easy to compel people to produce their crypto keys, it's not much of a protection."

[random_radar]

We have ways of dealing with these problems. A little waterboarding ought to do the trick quite nicely.

And since when did the constitution regain its status as an impediment to government? I thought we got rid of the rule of law so we could make everyone be good.

[amazedd]

If they don''t have the password, how did they gain access to the laptop in the first place? Or, was he browsing pornography as he was going through customs?
And, if this creates jurisprudence, can you claim the 5th whenever the Law seeks to read your files?

[edward1975-2009]

Though I think that creeps like this should be done away with. It opens too many questions. They should be able to access what they can, without compelling this guy for nothing else. I find it hard that the government can''t crack this guys passwords.

[sevenveils]

These agents have no business peering into the privacy of an individuals computer or paper note book. This is practice of digital strip searching must be stopped. Government agencies have no right for searches such as these unless there is justified due cause.

[scottyusa]

Turning on someone''s laptop or making them turn it and viewing files is a direct violation of the person''s right to privacy. What right do they have to do that without reasonable suspicion that a crime is being commited? We are turning into a nazi state. In my state they are getting ready to install cameras on the interstate that will snap a picture of the license plates of speeding cars. Tickets will then be mailed to the owner. How do they know who was driving? From what I understand the driver is responsible for speeding. The land of the free is becoming the home of the blind.

[wogerwabbit]

I''m gonna be following this one real close. I don''t do porn or anything illegal with my computer, but I do have such things client business information for which I sign non-disclosure agreements, so I think it''s time to get some PGP if the mind police are going to looking at our stuff uninvited like that. I''ve been asked many times to turn on my laptop at the airport and I don''t mind doing it at all, but the minute they start browsing through my files is when I start breaking hands. We gotta take our country back from these goose steppers, or we''re truly screwed.

[Syndicate]

Looking at someones files is an illegal search. I think the point of turning on a laptop at an airport is to make sure it is really a laptop and not a bomb. Any further digging into the files is an illegal search. As for crossing a border into the US it is probably illegal to even ask about a laptops files.

[amazedd]

The reason they ask you to turn it on is to see that it actually functions as a computer and that it''s not wired to blow-up. But, you have to be pretty stupid to download the stuff, take it across international borders, and then offering to show off your filth.
Like: Turn on your laptop. Sure. What''s the password? It''s left my mind.
But, like I said, no customs officer will ask to read your files, unless they overhear you preaching Satanic Verses or such.

[undermyboot]

There they go again, using "Child Pornography" as a ruse to establish precedent that our liberties are nothing more than words on "a Godd*mned piece of paper" as Bush so patriotically put it.

Every time they use this excuse, more of the liberties and the privacy of law-abiding patriotic Americans are whittled away. Anyone who thinks otherwise needs to take a serious look at dictatorships like China. that is where we are heading, one step at a time.

[ioweign]

Why, if he willingly assisted officials in looking at his laptop, where they found the files, why is he refusing to help?

Because the creep knows he''s guilty. I say, since he showed it once, he forfeits rights to keep it password locked now.

Posted by TheGateway1 at 07:19 PM : Feb 07, 2008

If he is sooo guilty, why did he cooperate in the first place...

How does one forfeit their rights? By coming to the United States ???

[mcharlton]

This is just foul what the government does to "protect" people. They trample the constituition. There''s no probable cause. It''s nice that their going after pedophiles, but to treat a person like a criminal just because he happens to have a laptop is counterproductive and ludicrious. This is starting to remind me of nazi Germany. Is the government going to keep twisting the constituition in court until it has no meaning? I thought they swore to uphold it.

[bhappy2-2]

And, if this creates jurisprudence, can you claim the 5th whenever the Law seeks to read your files?

Posted by Amazedd

I know a truck driver from Texas who carries a letter from a Federal Judge stating that he is not required to provide a log book as it would violate his 5th amendment right since he would, in fact, be providing self-incriminating evidence. Since the 5th amendment allows you to refuse to provide anything that may be self-incriminating I guess that may be correct in his case, and probably in this case as well.

[ioweign]

Privacy is a bit of a fallacy nowadays. The founding fathers didn''''t provide for the provision of securing laptop computers, ya know. And the courts have always been behind the mighty corporations. In fact, they thrive on that sort of thing. People use technology for the wrong reasons.. like these. And there''s no protection once you''re caught. At least not from a horse and buggy court.

Posted by headpop at 09:05 PM : Feb 07, 2008

It falls under "personal property" and invasion of privacy which is covered by the Constitution.

[offtheback]

I know a truck driver from Texas who carries a letter from a Federal Judge stating that he is not required to provide a log book as it would violate his 5th amendment right since he would, in fact, be providing self-incriminating evidence. Since the 5th amendment allows you to refuse to provide anything that may be self-incriminating I guess that may be correct in his case, and probably in this case as well.

Posted by bhappy2-2

BS. Part of holding a drivers license is "implied concent" That meens you, by signing to accept a drivers license you imply concent to submit to a chemical test, or in the case of a professional driver, your manifest and logbook.

[offtheback]

By the way, it occures to me that this may be a case of a citizen attempting to force the issue of privacy of what could be viewed as intelectual property, and if or when they finally do get into the machine and open the files the image they find will be the long lost photo of George Bush taking it up the pooper from Jack Abrams durring his secret visits to the White House.

[mindy111]

Interesting case. If he ever wrote down his password or had unprotected on a computer or drive, it would not be protected. We should all be using PGP and memorizing passwords. Keep Big Brother in his closet.

[denn034]

Constitutional is constitutional. Find another way.

[martin9p2]

If the owner of a house shows police that illegal material is in a certain room, and then he locks the door to the room, and says the key is hidden and the location of the key is in his mind and claims he is therefore not obligated to divulge the location, ... he would be put in jail until he produces the key. Right? Not right?

[martin9p2]

If you''re driving a load of porn across the border, and the border officer asks to look insude (because he''s allowed to), and you have porn in the truck, he would arrest you (or whatever). But if you have it in a laptop, it becomes legal to refuse inspection? I don''t think so. Or if you have a load of printed porn inside a thick steel safe that the agent can''t open (which is just like an encrypted laptop), does that make it lawful to drive across? And if you are dumb enough to tell the agent there''s porn inside the steel safe or inside the laptop, and you even show him but you don''t give him a second peek, then it becomes lawful to drive across? I don''t think so.

[martin9p2]

Is it legal to import or export copyrighted music or video just because you encrypt it on a storage device? I don''t think so. And if you tell the border agent you are importing copyrighted material on encrypted media that he can''t look at, you are both stupid and ... in jail. Same deal goes for porn, right?

[ioweign]

Its not personal property. You didn''t write one program for that there "laptop".

Posted by headpop at 09:30 PM : Feb 07, 2008

Personal property has numerous categories. Writing would be one, purchasing software would be another and owning a "laptop" another.

[ioweign]

I know a truck driver from Texas who carries a letter from a Federal Judge stating that he is not required to provide a log book as it would violate his 5th amendment right since he would, in fact, be providing self-incriminating evidence. Since the 5th amendment allows you to refuse to provide anything that may be self-incriminating I guess that may be correct in his case, and probably in this case as well.

Posted by bhappy2-2

BS. Part of holding a drivers license is "implied concent" That meens you, by signing to accept a drivers license you imply concent to submit to a chemical test, or in the case of a professional driver, your manifest and logbook.

Posted by offtheback at 09:20 PM : Feb 07, 2008

True - Having a driver''s license is NOT a right, it is in the privilege category.

[offtheback]

If the owner of a house shows police that illegal material is in a certain room, and then he locks the door to the room, and says the key is hidden and the location of the key is in his mind and claims he is therefore not obligated to divulge the location, ... he would be put in jail until he produces the key. Right? Not right?


--------------------------------------------------------------------------------

Posted by martin9p2

If, now I''m just spitball''n here, the room was locked already and child porn room was written on the door would that be probabl cause? if so and they could not break down the door they would need to get a warrant and enter by any meens nessasary.

To get in, all they have to do is crash the hard drive, then rebuild it. No info that exists on a hard drive is unretrievable short of sustained major emp or physical destruction.

I still contend that, once they get in, they will GWB and JA in compromising poses.

[imnho]

I think were are talking fourth amendment and not fifth.

The fourth amendment is about ureasoanble searches.

The fifth amendment covers due process and the right to have a lawyer in crimial cases

[matter77]

This case is getting a lot of attention for a couple reasons, but as far as national security goes it isn''t important. If it were, they would have broken the password by now. The NSA could break it a few days with super computers. They just aren''t going to use them on this, especially since there is already such a backlog of national security related crypto stuff waiting to get done.

[glidescube]

I think were are talking fourth amendment and not fifth.

The fourth amendment is about ureasoanble searches.

The fifth amendment covers due process and the right to have a lawyer in crimial cases

Is''nt it the 5th that protects us against self incrimination...that''s why they say ''I plea the fifth.'' So when they ask the guy for the passwords and he declines it''s like he is pleaing the 5th.

[samthetvcat]

"In another case, an officer found child pornography on the laptop of a man who flew into Los Angeles International Airport from the Philippines. But a federal judge later suppressed the evidence, ruling that electronic storage devices are extensions of the human memory and should not be opened to inspection without cause.

That case did not hinge on a password, though."

This ruling is outrageous - how many people have the contents of their laptops searched? Something must have raised the red flags with security which should be enough to establish probable cause and some sort of ''airport security exception''/''exigent circumstances''. I wonder whether prosecutors appealed - like is this a case of the Ninth circuit COA putting individual liberty WAY ahead of paramount societal concerns like say um security? Grrr!

In contrast, no way the child porn guy''ll be forced to give up his password - 5A ought to protect him for sure. Given the highly disturbing sounding names of the files coupled with border agent testimony of his admission as to the contents that ought to be sufficient to convict, wouldn''t you think?

[mystixa]

The government is and has been free to inspepct the computer at will. The password is like a narrative in the persons mind.

With the narrative a crime can be resolved. A counterfitter could know the entire story of how the fake money came into existence & if he told that story he would be jailed. That is protected by the 5th amendment. In the same manner that ''narrative'' of a password unravels the mystery that is the encrypted disk on the laptop. With it the entire alleged crime is revealed. So through the revealing of that 1 thought he is incriminating himself, & that cant be allowed.

What is the alternative here.. someone would be jailed for not providing the key? ..jailed for even long if they provided a false one? So what happens if you dont remember the key.. legitimately dont remember it.

What happens if the encryption/decryption programs are just plain broken. So theres a non-repeatable bug that keeps your password from working for whatever reason. Do you jail the person then?

[Wookiee-1138]

PGP is a powerful system. I have friends who study Computer Forensics. And they swear by it.

[archangelric]

look again at the charge "Boucher, was accused of transporting child pornography in interstate or foreign commerce" Doesn''t that mean that he was buying or selling child pornography (which there seems to be no proof of - you would need invoices, etc.)

Let''s get real, folks: anyone who has been on the internet long enough has had their email address forged by spammers to send spam, and been put on spammers lists and sent many unrequested spam emails some of which were pornographic some may have involved child pornography.

Who knows what has been sent and ended up in the junk mail folder only to be deleted automatically.

Further who knows what was sent with a title of "Two year old being raped during diaper change" and "pre teen bondage,"; titles don''t mean anything, especially to hackers who use titles like this to get you to read / download viruses.

Which brings up a question - what if those files were infected and the customs agent destroys the files on the computer?

You also have to watch the definition of ''child''; our states each have different definitions for age of consent, age of drinking; etc. and to assume that the world goes by our definitions is absurd - Germany, Denmark and others have a much earlier age of adulthood than we do.

[mcvet]

This case is getting a lot of attention for a couple reasons, but as far as national security goes it isn''''t important. If it were, they would have broken the password by now. The NSA could break it a few days with super computers. They just aren''''t going to use them on this, especially since there is already such a backlog of national security related crypto stuff waiting to get done.


Posted by matter77 at 11:31 PM : Feb 07, 2008
+ report abuse

I fail to understand your reasoning here. Are you saying all the Government has to do to gain a password is claim "national security"? We have lived through 7 long years of that kind of thinking and that''s quite enough for me.

[antoniof123]

I fail to understand your reasoning here. Are you saying all the Government has to do to gain a password is claim "national security"? We have lived through 7 long years of that kind of thinking and that''''s quite enough for me.


--------------------------------------------------------------------------------

Posted by MCVet at 06:33 AM : Feb 08, 2008

You are so right enough is enough. But breaking the password is not as simple as throwing a super computer. Depending on the encryption could prove next to impossible. I believe my calculation for 138 bit encryption came to 3.40282E+38 it would even be worst for 256 bit encryption 1.15792E 77. And of course there are other process that can be added to make breaking an encryption even harder.

But that was not the issue the issue was you are right MCVet we have had enough of the wing nuts runing this country and I see the light at the end of the tunnel.

[excoachken]

The Constitution protects "the good, the bad, and the ugly." The Cowardly Cowboy may have to depend upon the very document he tried to destroy, when he is , eventually, taken to trial for his war lies!

[runningralph]

Taxpayers can''t force a person to incriminate themselves but the case can still be tried before a jury. Accusations can be made, then the jury can decide. Property(computers) can be held in evidence. My bet would be on the taxpayers in this case. Foreigners can be deported. *** offenders can be sent to live under bridges- in this case under a Canadian bridge.

[lochlan-2009]

az97202- You mean you think you have nothing to hide. You have no idea what files are on your computer if it has been on the internet.

[klingon69]

Personal property has numerous categories. Writing would be one, purchasing software would be another and owning a "laptop" another.
Posted by IOWEIGN at 10:35 PM : Feb 07, 2008
When you "purchase software" you are actually purchasing a licensing agreement (that page that pops up and asks you to accept or decline the agreement, the one most people don''t read). You do not "own" the software, you have a licensed agreement to use the software.

[klingon69]

In contrast, no way the child porn guy''''ll be forced to give up his password - 5A ought to protect him for sure. Given the highly disturbing sounding names of the files coupled with border agent testimony of his admission as to the contents that ought to be sufficient to convict, wouldn''''t you think?
Posted by SamTheTVCat at 02:19 AM : Feb 08, 2008
Not to convict. It does give probable cause. A filename is changeable, so just name wouldn''t be enough to convict.
Newsbots are used by millions to surf newsgroups. Some can be set to download any new pictures, songs...etc. It was stated in the article that he admited to downloading from newsgroups, and that sometimes childporn does get included in those downloads. I have used newsbots and never had that happen, but have had some weird pics downloaded. However there is little control on what another user posts to a newsgroup. Many are not monitored. However, I set what newsgroups I want it to peruse. I don''t just use a general dump.

[marcpcbs]

"Does 5th Amendment Protect Porn Passwords?
An Encrypted Laptop Poses A Constitutional Dilemma In Vermont Child-Pornography Case"

Because I''m really tired of seeing the law used to protect the guilty and to hell with the victim, I sure hope not.

[jinxkity]

I find it interesting that reveiling an encrypted password is ''self-incriminating'' but forcing of a breathalizer or blood test to determine alcohol levels isn''t. Believe me, I''m not condoning drunk driving, but sobriety tests sure have the ring of one incriminating one''s self.

[lorinkundert]

The Constitution is the Supreme law of the land, there are no exceptions.

[rf35]

"Because I''m really tired of seeing the law used to protect the guilty and to hell with the victim, I sure hope not."

Who is guilty? We are innocent until proven guilty. If I follow your thinking, as soon as someone is accused of a crime, they are guilty and would have to prove they were innocent in order to be released. That doesn''t sount very American.
I think Amendments IV and V apply here...the 5th in not giving up the password. The 4th applies in that the border agent should not have been trying to inspect the contents of the laptop without probable cause. Powering it on is different than looking through the files. The fact that he allowed the inspection in the first place only proves he is guilty of being a dullard, not a child porn trafficker.