[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: You can be forced to turn over your encryption keys?



At 10:33 AM -0400 10/7/96, Geoffrey C. Grabow wrote:
>I thought we had a 5th amendment.  Isn't turning over your key that may (or
>may not) expose encriminating evidence an extension of self-encrimination?
>Haven't there been dozens of famous witnesses (Patty Hurst, Oliver North,
>etc) that "take the 5th" dozens of times on the stand.  Why couldn't I
>"take the 5th" when asked for my encryption keys?  When asked for your key,
>can't you say: "I'm sorry your honor, but I respectfully refuse to answer
>that question on the grounds that it may incriminate me.".
>
>Any legal-eagles out there?

Though IANAL, I know of many, many discussions of this question. So far as
I know, it remains one of The Great Unresolved Questions.

Mike Godwin has written on this, so a Web search might turn up some
archived articles. It came up several times on the Cyberia list when I was
on it, but those archives are spotty (in terms of availabilty to Web
spiders).

My Cyphernomicon FAQ also has this to say: (presented in outline form)

 10.3.4. "Can authorities force the disclosure of a key?"
           + Mike Godwin, legal counsel for the EFF, has been asked this
              queston _many_ times:
             - "Note that a court could cite you for contempt for not
                complying with a subpoena duces tecum (a subpoena
                requiring you to produce objects or documents) if you
                fail to turn over subpoenaed backups....To be honest, I
                don't think *any* security measure is adequate against a
                government that's determined to overreach its authority
                and its citizens' rights, but crypto comes close." [Mike
                Godwin, 1993-06-14]
           + Torture is out (in many countries, but not all). Truth
              serum, etc., ditto.
             - "Rubber hose cryptography"
           + Constitutional issues
             - self-incrimination
           + on the "Yes" side:
             + is same, some say,  as forcing combination to a safe
                containing information or stolen goods
               - but some say-and a court may have ruled on this-that
                  the safe can always be cut open and so the issue is
                  mostly moot
               - while forcing key disclosure is compelled testimony
             - and one can always claim to have forgotten the key
             - i.e., what happens when a suspect simply clams up?
             - but authorities can routinely demand cooperation in
                investigations, can seize records, etc.
           + on the "No" side:
             - can't force a suspect to talk, whether about where he hid
                the loot or where his kidnap victim is hidden
             - practically speaking, someone under indictment cannot be
                forced to reveal Swiss bank accounts....this would seem
                to be directly analogous to a cryptographic key
             - thus, the key to open an account would seem to be the
                same thing
             - a memorized key cannot be forced, says someone with EFF
                or CPSR
           + "Safe" analogy
             + You have a safe, you won' tell the combination
               - you just refuse
               - you claim to have forgotten it
               - you really don't know it
             - cops can cut the safe open, so compelling a combination
                is not needed
             - "interefering with an investigation"
           - on balance, it seems clear that the disclosure of
              cryptographic keys cannot be forced (though the practical
              penalty for nondisclosure could be severe)
           + Courts
             + compelled testimony is certainly common
               - if one is not charged, one cannot take the 5th (may be
                  some wrinkles here)
               - contempt
           + What won't immunize disclosure:
             + clever jokes about "I am guilty of money laundering"
               - can it be used?
               - does judge declaring immunity apply in this case?
               - Eric Hughes has pointed out that the form of the
                  statement is key: "My key is: "I am a murderer."" is
                  not a legal admission of anything.
             - (There may be some subtleties where the key does contain
                important evidence--perhaps the location of a buried body-
                -but I think these issues are relatively minor.)
           - but this has not really been tested, so far as I know
           - and many people say that such cooperation can be
              demanded...
           - Contempt, claims of forgetting
   10.3.5. Forgetting passwords, and testimony
           + This is another area of intense speculation:
             - "I forgot. So sue me."
             - "I forgot. It was just a temporary file I was working on,
                and I just can't remember the password I picked." (A less
                in-your-face approach.)
             + "I refuse to give my password on the grounds that it may
                tend to incriminate me."
               + Canonical example: "My password is: 'I sell illegal
                  drugs.'"
                 - Eric Hughes has pointed out this is not a real
                    admission of guilt, just a syntactic form, so it is
                    nonsense to claim that it is incriminating. I agree.
                    I don't know if any court tests have confirmed this.
           + Sandy Sandfort theorizes that this example might work, or
              at least lead to an interesting legal dilemma:
             - "As an example, your passphrase could be:

                        I shot a cop in the back and buried his body
                under
                        the porch at 123 Main St., anywhere USA.  The gun
                is
                        wrapped in an oily cloth in my mother's attic.

                "I decline to answer on the grounds that my passphrase is
                a statement which may tend to incriminate me.  I will
                only give my passphrase if I am given immunity from
                prosecution for the actions to which it alludes."

                "Too cute, I know, but who knows, it might work." [S.S.,
                1994-0727]


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."