Protecting privacy through a responsible decryption policy.

Author: Ungberg, Andrew J.

TABLE OF CONTENTS

I. INTRODUCTION
II. ENCRYPTION
III. DOCUMENT PROTECTION AND THE ACT OF PRODUCTION DOCTRINE
   A. The Doctrine Today
   B. Encryption Does Not Fit Neatly into the Act of Production Doctrine
   C. The Future of Encryption Analyzed Under Document Production: Government "Hover" Orders
IV. FINDING THE FIFTH AMENDMENT BALANCE
   A. Balancing the Purposes and Practical Realities of the Fifth Amendment Privilege
   B. A Responsible Decryption Policy
V. CONCLUSION

I. INTRODUCTION

In late December 2006, Sebastien Boucher crossed into Vermont from Canada. (1) At the border, customs officials inspected Boucher's car and found a laptop in the back seat. (2) A customs agent accessed the computer without entering a password and initiated a search for media files; the query returned tens of thousands of images. (3) Later, a special agent continuing the investigation found "thousands of images of adult pornography and animation depicting adult and child pornography." (4)

At this point, Boucher was detained, read his Miranda rights, and questioned by the agents. (5) At their request, Boucher showed the investigators where his downloaded files were located on the laptop. (6) The agents did not see Boucher enter any password in order to access the files, which were maintained on a hard drive designated as drive Z. (7) After the agents found several pornographic images and videos of children, they seized the laptop and arrested Boucher. (8)

Several days later, officers accessed the laptop and created a mirror image of the hard drive, yet they were unable to access drive Z because it was protected by an encryption algorithm. (9) An agent versed in computer forensics examined the drive and later testified that it would be virtually impossible to access the files, (10) as it would take years to unlock the drive without a password. (11) The grand jury subpoenaed Boucher, demanding that he "provide all documents, whether in electronic or paper form, reflecting any passwords used or associated with the [computer in question]." (12)

Boucher resisted the subpoena, stating that it violated his Fifth Amendment right against self-incrimination. (13) Initially, Magistrate Judge Niedermeier found that forcing Boucher to disclose the password would effectively compel him to testify against himself (14) and quashed the subpoena. (15) Although Chief Judge Sessions later overturned that decision, (16) the original order would have left law enforcement agents unable to catalogue or present as evidence the illegal pornography they knew Boucher possessed. (17)

Boucher is hardly the first time the government has grappled with the seemingly modern issue of data encryption. In 1776, then General George Washington discovered his Chief of Hospitals was sending coded letters to the British concerning the colonial army's supply levels and troop movements. (18) During Aaron Burr's trial for treason in the early 1800s, prosecutors requested that his secretary decipher Burr's personal correspondence, only to have the secretary refuse on Fifth Amendment grounds. (19) However, in each of these cases the government was able to recover the sought-after information simply by breaking the encryption code. (20) Today, the widespread availability of powerful encryption software guarantees that law enforcement will increasingly confront this problem without the ability to break the code in a reasonable amount of time.

Although Chief Judge Sessions permitted law enforcement access to the encrypted files, his ruling depended largely on the fact that Boucher had already voluntarily provided agents with access. (21) Absent this fact, law enforcement would be left facing practically unbreakable encryption with no reasonable recourse to secure important evidence. (22) This Note argues that the magistrate judge's analysis in Boucher I mischaracterizes the encryption issue. Consequently, the analysis leads to judgments like the court's initial order in Boucher I. Such rulings create incentives for the government to press the boundaries of its police power and to develop law enforcement methods that rely on invasive covert surveillance, which ultimately represents a greater threat to individual privacy than the government's attempt to compel computer decryption.

This Note suggests that a wiser approach would involve creating a procedure by which the government could gain access to encrypted information under judicial oversight and with reasonable protections for individual privacy. Part II briefly discusses encryption and the capabilities of modern encryption software, as well as the practical limitations faced by law enforcement when confronting encrypted data. Part III examines the act of production doctrine, the system of analysis used by the magistrate judge in Boucher I, and ultimately suggests that it proves an inadequate tool for resolving the encryption issue. Part IV reviews both the Fifth Amendment's animating purposes and the compromises struck between the needs of law enforcement and the protection of individual privacy. It then suggests desirable features of a new decryption policy and proposes a modified search warrant requirement and statutory civil remedy for abuse of the process. Part V concludes.

II. ENCRYPTION

    Cryptography, the study and practice of encryption, has existed in some form for nearly 4000 years. (23) Encryption is the process of concealing information, and all such systems have several similar characteristics. At its most basic level, encryption involves transforming information or data, called "plaintext," into a coded form that cannot be understood by outsiders. (24) The process is performed according to the encryption algorithm, a set of rules that governs how the plaintext is transformed. (25) While this can be as simple as substituting each letter in a message with a corresponding number, (26) modern encryption algorithms often consist of a complex series of mathematical functions. (27) Regardless of the manner of encryption, the result is that the plaintext is made unintelligible to outsiders. (28) The ability to conceal information from outsiders makes encryption an attractive tool for criminals, especially when their schemes involve recordkeeping or sending secured communication between coconspirators.

    Encryption must be reversible in order to be useful as a method of storing or sending secured information. Most modern encryption systems employ a key that must be applied to the chosen encryption algorithm to recover the plaintext. (29) Today's keys consist of a lengthy string of numbers because of their foundation in complex mathematics. (30) The keys can consist of hundreds of numbers, but for ease of administration some modern encryption programs tie a key to a chosen password, such that entering a password into the system is functionally identical to entering the long key. (31)

    Law enforcement agents seeking to recover coded information employ "cryptanalysis," the study of breaking and bypassing encryption. (32) Encryption systems generally have three main areas of vulnerability. (33) First, an outsider might try entering every possible key for the system--this is known as a "brute-force" attack and, depending on the complexity of the system, can require an extraordinary amount of time and resources. (34) Broadly speaking, the longer the key, the more time is needed to break the encryption. (35) Second, an outsider might analyze the underlying algorithm, looking for weaknesses or patterns in the mathematics that allow him to make educated guesses about the process. (36) In this way, the outsider can partially "solve" the algorithm and reduce the amount of time required to break the encryption by trying only those keys that his analysis suggests might be successful. This method is faster than a brute-force attack, but such analysis of modern encryption software would require an advanced understanding of theoretical mathematics and computer science. (37) Third, an outsider might steal the key to yield the plaintext; the encryption is only as secure as the secrecy of its key. (38)
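
To make two points from the paragraphs above concrete (a password standing in for a long key, and exhaustive-search time growing with key length), the following Python example is an added illustration and not part of the original Note. The guess rate, sample passwords and salt are constructed assumptions; PBKDF2 is used here as one common way to tie a key to a password, not as the method of any product the Note discusses.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATE = 1e12  # guesses per second; a constructed figure, not a benchmark


def derive_key(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def password_bits(alphabet_size: int, length: int) -> float:
    """Bits of search space for a uniformly random password."""
    return length * math.log2(alphabet_size)


def effective_bits(key_bits: int, pw_bits: float) -> float:
    """A password-derived key is only as hard to search as the smaller space."""
    return min(float(key_bits), pw_bits)


def years_to_exhaust(bits: float, rate: float = ASSUMED_RATE) -> float:
    """Worst-case years to try every candidate in a 2**bits space."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def compare() -> dict:
    """Exhaustive-search cost for raw keys versus password-derived keys."""
    cases = {
        "40-bit key": 40.0,
        "128-bit key": 128.0,
        "256-bit key from 8 lowercase letters": effective_bits(256, password_bits(26, 8)),
        "256-bit key from 20 printable ASCII chars": effective_bits(256, password_bits(95, 20)),
    }
    return {name: years_to_exhaust(bits) for name, bits in cases.items()}


if __name__ == "__main__":
    salt = bytes(16)  # constructed all-zero salt so the demo is repeatable
    key = derive_key("correct horse battery staple", salt)
    print("derived key:", key.hex())
    for name, years in compare().items():
        print(f"{name:45s} {years:.3e} years")
```

The comparison shows why key length alone does not settle how long a search takes: when the key is tied to a password, the password's search space is the practical bound.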

    The primary problem for law enforcement is the fact that modern encryption software is extremely difficult to break. For example, a brute-force attack on the widely available PGP encryption suite could take billions of years. (39) Furthermore, the underlying algorithms are incredibly complex, and "solving" them is far beyond realistic capabilities of law enforcement. (40) Practically speaking, encryption today is impenetrable insofar as it cannot be bypassed by available means within a reasonable amount of time. In the face of such encryption, often the government's only recourse is to obtain the password from the suspect himself. As in the Boucher case, this option almost certainly invites a Fifth Amendment challenge, as courts have conceived of compelled computer decryption as falling under the act of production doctrine.

III. DOCUMENT PROTECTION AND THE ACT OF PRODUCTION DOCTRINE

    In relevant part, the Fifth Amendment reads, "[n]o person ... shall be compelled in any criminal case to be a witness against himself." (41) The act of production doctrine is an offshoot of this privilege that protects the accused from having to hand over incriminating personal writings to investigators. Judges have handled compelled data decryption under the umbrella of this doctrine largely because they have analogized an encrypted hard drive to a virtual wall safe from which the accused is asked to remove incriminating papers. (42)

    The basis for the doctrine was first introduced in Boyd v. United States, in which the Supreme Court extended Fifth Amendment protection to incriminating writings made by the defendant's hand. (43) In Boyd, the government issued subpoenas for the defendant's business invoices during a smuggling investigation and later used the invoices to convict him at trial. (44) The Court reversed and read the Fifth Amendment broadly, holding that...
