Saturday, February 25, 2012

11th Cir. finds Fifth Amendment violation with compelled production of unencrypted files

The Eleventh Circuit held that compelled production of unencrypted files violates the Fifth Amendment as it would be testimonial, and the "foregone conclusion" doctrine does not apply. In Re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, 671 F.3d 1335 (11th Cir. 2012).

The case began with a child pornography investigation after videos of underage girls were found on YouTube. Officers seized multiple external hard drives and determined that parts of them were encrypted using TrueCrypt (discussed here). A grand jury subpoena was issued to require production of an unencrypted copy, and the defendant refused to comply and was held in contempt.

Whether the production was testimonial was the key issue examined by the Eleventh Circuit. The government argued that "all it wanted Doe to do was merely to hand over pre-existing and voluntarily created files, not to testify." The court agreed, finding that the files alone are not testimonial. The act of production, on the other hand, "would sufficiently implicate the Fifth Amendment privilege."

The court reached this conclusion after finding that the production would not be a physical act like providing a key for a safe, but "would require the use of the contents of Doe's mind." Also, the purported testimony was not a "foregone conclusion" because the government does not even know what is on the drive - it may be nothing. Nor does it know that Doe is capable of accessing the files.

The court also held that testimony could be compelled with a sufficient grant of immunity, but that was not given to Doe. In order to compel the production, "use and derivative-use immunity" must be provided.

Certainly a key to this outcome is the way in which TrueCrypt works. When a volume is encrypted using this software, there is no way to tell whether the volume is full or empty without knowing (or breaking) the encryption key. Since breaking the key may take hundreds of years, it is likely impossible to know what, if any, files are on the drive through a forensics investigation. These drives could have contained millions of files, preventing the government from knowing with any specificity what was on them. Encryption for individual files (as opposed to an entire drive or partition), on the other hand, would likely not bring this same result.
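The property described above, seen from a forensic examiner's side, as an added example that is not part of the original post: an empty volume and a full one are encrypted and their byte entropy compared. The SHAKE-256 keystream is an assumed stand-in for TrueCrypt's actual cipher mode, and the key, file record and volume size are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512    # bytes per sector
SECTORS = 512   # constructed 256 KiB volume


def keystream(key: bytes, sector_no: int) -> bytes:
    # Assumption: per-sector keystream from SHAKE-256, standing in for a
    # real disk-encryption mode. Not TrueCrypt's own construction.
    return hashlib.shake_256(key + sector_no.to_bytes(8, "little")).digest(SECTOR)


def encrypt_volume(key: bytes, plaintext: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(plaintext), SECTOR):
        ks = keystream(key, off // SECTOR)
        out += bytes(p ^ k for p, k in zip(plaintext[off:off + SECTOR], ks))
    return bytes(out)


def entropy_bits_per_byte(data: bytes) -> float:
    # Shannon entropy of the byte histogram: 0.0 for constant data,
    # close to 8.0 for data that looks uniformly random.
    total = len(data)
    return abs(-sum(c / total * math.log2(c / total)
                    for c in Counter(data).values()))


def examiner_view() -> dict:
    key = hashlib.sha256(b"constructed passphrase").digest()
    size = SECTOR * SECTORS
    empty = bytes(size)  # volume with nothing written to it
    record = b"constructed file record 0001; name=report.txt; body=lorem ipsum\n"
    full = (record * (size // len(record) + 1))[:size]  # volume packed with data
    return {
        "plain_empty": entropy_bits_per_byte(empty),
        "plain_full": entropy_bits_per_byte(full),
        "cipher_empty": entropy_bits_per_byte(encrypt_volume(key, empty)),
        "cipher_full": entropy_bits_per_byte(encrypt_volume(key, full)),
    }


if __name__ == "__main__":
    for name, bits in examiner_view().items():
        print(f"{name:13s} {bits:.4f} bits/byte")
```

Before encryption the two volumes are trivially distinguishable by entropy; after encryption both measure as near-uniform random data, so the measurement says nothing about how much, if anything, is stored.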

This decision comes just days after the latest ruling in the related Fricosu case from the Tenth Circuit (read more here).


  1. Moral of story.. use TrueCrypt for drives you want to keep contents secret on and never give the prosecution anything unless you legally have to (regardless of innocence).