Encryption vs. Fifth Amendment
The Fifth Amendment to the United States Constitution states:
“No person . . . shall be compelled in any criminal case to be a witness against himself.”
Known as the prohibition against self-incrimination, this clause of the Fifth Amendment is commonly asserted by defendants in criminal trials. While its applicability in those contexts is quite settled, the Fifth Amendment’s place in the realm of computerized encryption is still a bit murky.
Generally, the Right against Self-Incrimination
A criminal defendant must demonstrate three factors to successfully assert their right against self-incrimination under the Fifth Amendment: (1) compulsion, (2) a testimonial communication or act, and (3) incrimination. See Fisher v. United States, 425 U.S. 391, 408 (1976).
The former and latter are simple enough to demonstrate. When a defendant is subpoenaed to act, the act is compelled. And an act is incriminating if the act exposes that person to criminal liability.
The salient question for the Fifth Amendment and the right against self-incrimination, especially within the context of technology, is whether compelling a defendant to act constitutes a “testimonial” act.
An act is testimonial when the government compels an individual to use “the contents of his own mind to explicitly or implicitly communicate some statement of fact” which allows law enforcement to learn facts it didn’t already know. United States v. Doe (In re Grand Jury Subpoena Duces Tecum), 670 F.3d 1335, 1345 (11th Cir. 2012) (internal citations omitted).
For example, being required to provide your fingerprint (or a DNA sample) pursuant to a legally obtained warrant or probable cause is not a testimonial act because you are not revealing “the contents of your mind.” Thus, you would be unable to assert your right against self-incrimination when you’re being fingerprinted. See generally Schmerber v. Cal., 384 U.S. 757, 764 (1966).
The same is true for being compelled to unlock a safe with a physical key because it can not be correctly considered “the contents of your mind” and therefore it is not a testimonial act. Doe, 670 F.3d at 1345.
On the contrary, revealing the combination to a safe is a testimonial act because the combination to a safe constitutes the “contents of [a person’s] own mind.” Further, producing the combination to a safe explicitly or implicitly communicates a statement of fact that allows law enforcement to learn facts it didn’t already know. Therefore, providing the combination to a safe is a testimonial act that is protected by the Fifth Amendment. Id. at 1346.
Encryption and the Right against Self-Incrimination
Extending the Doe safe analogy works well for encryption. But when it comes to encryption, using the terms “key” and “combination” may become confusing to the uninitiated. So, before continuing, it’s worth clarifying that technically speaking encryption “keys” are actually “combinations” that help a computer program decipher the contents of a file or disk. An encryption key is not a physical “key” that opens a lock. Rather it is a combination that provides the instructions to decipher the contents of a file or disk. As such the term encryption “key” is a misnomer. However, historically, the “combinations” that are used to encrypt computer files have often been referred to as encryption “keys.”
But it doesn’t matter much what they’re called. What matters is that the Fifth Amendment applies to the compelled act of production of encryption keys because, as the content of a person’s mind, law enforcement would be learning new facts beyond simply the encryption key itself. So, like the production of a combination to a safe, the production of an encryption key is a “testimonial act” by a defendant of their knowledge of the existence and location of potentially incriminating files, and their control and dominion of the encrypted files.
Therefore, a defendant can properly assert their Fifth Amendment right against self-incrimination when being forced to decrypt files on a computer or a disk. But, there’s ways law enforcement can legally get around the Fifth Amendment using the foregone conclusion doctrine.
[…] discussed in a previous post, this covers encryption of computers when the encryption “key” is a password since […]