Does 5th Amendment Protect Porn Passwords?

(AP)  When Sebastien Boucher stopped at the U.S.-Canadian border, agents who inspected his laptop said they found files containing child pornography.

But when they tried to examine the images after his arrest, authorities were stymied by a password-protected encryption program.

Now Boucher is caught in a cyber-age quandary: The government wants him to give up the password, but doing so could violate his constitutional right against self-incrimination by revealing the contents of the files.

Experts say the case could have broad computer privacy implications for people who cross borders with computers, PDAs and other devices that are subject to inspection.

"It's a very, very interesting and novel question, and the courts have never really dealt with it," said Lee Tien, an attorney with the Electronic Frontier Foundation, a San Francisco-based group focused on civil liberties in the digital world.

For now, the law's on Boucher's side: A federal magistrate here has ruled that forcing Boucher to surrender the password would be unconstitutional.

The case began Dec. 17, 2006, when Boucher and his father were stopped at a Derby Line, Vermont, checkpoint as they entered the United States.

Boucher, a 30-year-old Canadian citizen who lives in Derry, New Hampshire, cooperated with agents, telling them he downloads pornography from news groups and sometimes unknowingly acquires images that contain child pornography.

Boucher said he deletes those images when he realizes it, according to an affidavit filed by Immigration and Customs Enforcement.

At the border, he helped an agent access the computer for an initial inspection, which revealed files with names such as "Two year old being raped during diaper change" and "pre teen bondage," according to the affidavit.

Boucher, was accused of transporting child pornography in interstate or foreign commerce, which carries up to 20 years in prison. He is free on his own recognizance.

The laptop was seized, but when an investigator later tried to access a particular drive, he was thwarted by encryption software from a company called Pretty Good Privacy, or PGP.

A grand jury subpoena to force Boucher to reveal the password was quashed by federal Magistrate Jerome Niedermeier on Nov. 29.

"Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop," Niedermeier wrote. "The password is not a physical thing. If Boucher knows the password, it only exists in his mind."

Niedermeier said a Secret Service computer expert testified that the only way to access Boucher's computer without knowing the password would be to use an automated system that guesses passwords, but that process could take years.

The government has appealed the ruling.

Neither defense attorney James Budreau nor Vermont U.S. Attorney Thomas Anderson would discuss the charge.

"This has been the case we've all been expecting," said Michael Froomkin, a professor at the University of Miami School of Law. "As encryption grows, it was inevitable there'd be a case where the government wants someone's keys."

Authorities have encountered such dilemmas before, but have used other methods to learn passwords, including installing surveillance devices that capture keyboard commands. Sometimes investigators have given up before a case reached the courts.

In a 2002 case, the FBI used a keyboard program to obtain gambling records from the computer of Nicodemo Scarfo, Jr., the son of a jailed New Jersey mob boss.

In another case, an officer found child pornography on the laptop of a man who flew into Los Angeles International Airport from the Philippines. But a federal judge later suppressed the evidence, ruling that electronic storage devices are extensions of the human memory and should not be opened to inspection without cause.

That case did not hinge on a password, though.

Orin Kerr, a law professor and computer crime expert at George Washington University, said the distinction that favors the government in Boucher's case is that he initially cooperated and let the agent look at some of the laptop's contents.

"The government can't make you give up your encryption password in most cases. But if you tell them you have a password and that it unlocks that computer, then at that point you no longer have the privilege," he said.

Tien, the attorney with the Electronic Frontier Foundation, said a person's right to keep a password secret is a linchpin of the digital age.

Encryption is "really the only way you can secure information against prying eyes," he said. "If it's too easy to compel people to produce their crypto keys, it's not much of a protection."

[rf35]

"Because I''m really tired of seeing the law used to protect the guilty and to hell with the victim, I sure hope not."

Who is guilty? We are innocent until proven guilty. If I follow your thinking, as soon as someone is accused of a crime, they are guilty and would have to prove they were innocent in order to be released. That doesn''t sount very American.
I think Amendments IV and V apply here...the 5th in not giving up the password. The 4th applies in that the border agent should not have been trying to inspect the contents of the laptop without probable cause. Powering it on is different than looking through the files. The fact that he allowed the inspection in the first place only proves he is guilty of being a dullard, not a child porn trafficker.

[lorinkundert]

The Constitution is the Supreme law of the land, there are no exceptions.

[Wm3]

I would expect the "dodge" employed by the legal system to justify this distinction would be to say that a sample of breath or blood or urine for testing is not "testimonial" in nature, while speaking one's encryption key would be "testimonial" in nature, and therefore protected, while the former are not.

[jinxkity]

I find it interesting that reveiling an encrypted password is ''self-incriminating'' but forcing of a breathalizer or blood test to determine alcohol levels isn''t. Believe me, I''m not condoning drunk driving, but sobriety tests sure have the ring of one incriminating one''s self.

[marcpcbs]

"Does 5th Amendment Protect Porn Passwords?
An Encrypted Laptop Poses A Constitutional Dilemma In Vermont Child-Pornography Case"

Because I''m really tired of seeing the law used to protect the guilty and to hell with the victim, I sure hope not.

[klingon69]

In contrast, no way the child porn guy''''ll be forced to give up his password - 5A ought to protect him for sure. Given the highly disturbing sounding names of the files coupled with border agent testimony of his admission as to the contents that ought to be sufficient to convict, wouldn''''t you think?
Posted by SamTheTVCat at 02:19 AM : Feb 08, 2008
Not to convict. It does give probable cause. A filename is changeable, so just name wouldn''t be enough to convict.
Newsbots are used by millions to surf newsgroups. Some can be set to download any new pictures, songs...etc. It was stated in the article that he admited to downloading from newsgroups, and that sometimes childporn does get included in those downloads. I have used newsbots and never had that happen, but have had some weird pics downloaded. However there is little control on what another user posts to a newsgroup. Many are not monitored. However, I set what newsgroups I want it to peruse. I don''t just use a general dump.

[klingon69]

Personal property has numerous categories. Writing would be one, purchasing software would be another and owning a "laptop" another.
Posted by IOWEIGN at 10:35 PM : Feb 07, 2008
When you "purchase software" you are actually purchasing a licensing agreement (that page that pops up and asks you to accept or decline the agreement, the one most people don''t read). You do not "own" the software, you have a licensed agreement to use the software.

[lochlan-2009]

az97202- You mean you think you have nothing to hide. You have no idea what files are on your computer if it has been on the internet.

[runningralph]

Taxpayers can''t force a person to incriminate themselves but the case can still be tried before a jury. Accusations can be made, then the jury can decide. Property(computers) can be held in evidence. My bet would be on the taxpayers in this case. Foreigners can be deported. *** offenders can be sent to live under bridges- in this case under a Canadian bridge.

[excoachken]

The Constitution protects "the good, the bad, and the ugly." The Cowardly Cowboy may have to depend upon the very document he tried to destroy, when he is , eventually, taken to trial for his war lies!

[antoniof123]

I fail to understand your reasoning here. Are you saying all the Government has to do to gain a password is claim "national security"? We have lived through 7 long years of that kind of thinking and that''''s quite enough for me.


--------------------------------------------------------------------------------

Posted by MCVet at 06:33 AM : Feb 08, 2008

You are so right enough is enough. But breaking the password is not as simple as throwing a super computer. Depending on the encryption could prove next to impossible. I believe my calculation for 138 bit encryption came to 3.40282E+38 it would even be worst for 256 bit encryption 1.15792E 77. And of course there are other process that can be added to make breaking an encryption even harder.

But that was not the issue the issue was you are right MCVet we have had enough of the wing nuts runing this country and I see the light at the end of the tunnel.