Monday, March 2, 2009, 7:10pm
A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.
In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.
The Fifth Amendment says nobody can be "compelled in any criminal case to be a witness against himself," which Magistrate Judge Jerome Niedermeier ruled in November 2007 prevented Boucher from being forced to divulge his passphrase to prosecutors.
Originally, the U.S. Department of Justice asked the magistrate judge to enforce a subpoena requiring Boucher to turn over "passwords used or associated with" the computer. In their appeal to Sessions, prosecutors narrowed their request and said they only want Boucher to decrypt the contents of his hard drive before the grand jury, apparently by typing in his passphrase in front of them.
At issue in this case is whether forcing Boucher to type in that PGP passphrase--which would be shielded from and remain unknown to the government--is "testimonial," meaning that it triggers Fifth Amendment protections. The counterargument is that since defendants can be compelled to turn over a key to a safe filled with incriminating documents, or provide fingerprints, blood samples, or voice recordings, unlocking a partially-encrypted hard drive is no different.