Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to comply. Now a federal judge in Colorado has ruled, in what may be a precedent-setting case, that Ms. Fricosu must provde the PGP passphrase needed to decrypt her laptop, .
In the past, the 5th Amendment defense has been a standard response to law enforcement requests to decrypt devices. Apparently, PGP Destop Encryption has proven more than trivial to decrypt without the passphrase, much to the chagrin of law enforcement bodies throughout the U.S. (and world). If a forced decryption ruling does prevail, the court will have more latitude to compel decryption of devices and data by an accused person, providing a stronger precedent for less fettered access to protected data, to the chagrin of many privacy pundits.
At its core, the argument harkens back to the “Lock vs. Safe” argument, where a strongbox key can be considered physical evidence, and therefore is subject to subpoena, but a combination to a safe can be considered a “product of the mind” and is, therefore, exempt from subpoena. In this case, Ms. Fricosu’s passphrase might be found to be a “product of the mind”, making it difficult to compel her to produce it.
It will also be interesting to note whether Ms. Fricosu will be “able to remember” the passphrase. If she were not, it would be difficult to determine whether or not she had simply forgotten, or only claimed to.
The Electronic Frontier Foundation (EFF) has spoken vociferously in the past about the issue, and can be expected to weigh in as the case progresses.
The case also speaks to the high level of security provided by PGP. We frequenty read news stories of organizations being hacked, but PGP protection seems to make data access – good or bad – much more difficult.
Protecting your digital information with strong encryption will make it much more difficult for bad guys to get at. Also, encrypting your data erects an additional barrier to unauthorized access. If someone gains access to your encrypted media you may be alerted to attempts to access it, since they would need the passphrase to do so.
Author Cameron Camp, ESET