Anyone here remember State v. Levie, 695 N.W.2d 619 (Minn.App. 2005) ?
In Levie, the defendant-appellant’s seized computer contained PGP, a cryptography program, which was inaccessible to the investigator. In rejecting Levie’s bid for a new trial, said the court, inter alia:
We find that evidence of appellant’s internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him.
As a result, this case stirred waves in techie circles & blogs accross the nation and was unfairly characterized by journalists as, “Minnesota court takes dim view of encryption.” (See, e.g., here or here).
I posit that the case was unfairly mischaracterized because the inaccessible PGP archive, by itself, did not result in an adverse jury instruction and the totality-of-the-circumstances was the apparent standard adopted by the trial court. I.e., the record showed that Levie took a large number of pictures of a minor child with a digital camera and that he uploaded those pictures onto his computer soon after taking them. 695 N.W.2d at 624.
Prof. Orin Kerr came to a similar (albeit differently reasoned) conclusion in his blog post, The Myth of Crypto as a Crime:
Obviously, the idea that using encryption necessarily reflects criminal activity is rather silly; Internet users use encryption all the time for all sorts of legitimate reasons. As many critics of the new decision have noted, it makes no sense to see encryption as inherently linked to crime. But contrary to the blogospheric common wisdom, no court ever said it was.
[emphasis in original]. Kerr reasoned, instead, that the court regarded Levie’s use of PGP as evidence that he was a sophisticated computer user, which might explain why the police found no child pornography or nude child photos on his computer.
In cases like these, attorneys often may wonder, “Can a court force a defendant to give up his passphrase?” (side note: I always include, in routine e-discovery interrogatories that I prepare for my attorney-clients, specific requests for the passwords and password phrases to all encyrpted archives and other repositories containing potentially responsive ESI). This question is certain to arise more frequently in the near future, including in civil cases (and especially in domestic relations cases).1
To help answer that question, the U.S.D.C. for the District of Vermont court declined to compel a defendant to surrender his PGP passphrase, finding that compelling a defendant to surrender his PGP passphrase would violate his Constitutional right not to incriminate himself.
The case, In re Boucher, involved child pornography, as you might have expected. Yet, the case law involving the compulsory surrender of encryption passphrases is quite unsettled.
If this case is appealed, it has the potential of creating an important precedent.
___________________________
1 Unfortunately, perhaps, we should not be looking to domestic relations case law for guidance on issues of substantive constiutional law (such as the privilege against self-incrimination). See, e.g., David N. Heleniak, The New Star Chamber, 57 Rutgers Law Review no. 3 (Spring 2005), 1009, discussing the “due process fiasco” of family law and characterizing family courts “an area of law mired in intellectual dishonesty and injustice.” In the article, Heleniak identified six commonplace deprivations of fundamental due process: seizure of children and railroading innocent parents into jail through denial of trial by jury; denial of poor defendants to free counsel; denial of right to take depositions; lack of evidentiary hearings; lack of notice; and improper standard of proof). In family law, “the burden of proof may be shifted to the defendant,” according to a handbook for local officials published by the National Conference of State Legislatures.