Date: Wed, 2 Jul 1997 04:00:10 -0400 (EDT)
From: Black Unicorn <email@example.com>
Subject: Re: Supreme Court dicta on safe combinations
On Mon, 30 Jun 1997, Phil Karn wrote:
> I finally found the case that others have occasionally cited here as
> relating to the issue of whether the Fifth Amendment protects the
> compelled disclosure of cryptographic keys in a criminal context.
> The case is Doe v. United States, 487 U.S. 201 (1988). You can get the
> full opinion either by going to <http://www.findlaw.com/> and entering
> the citation, or you can enter the following lengthy URL:
> The case had to do with whether a grand jury could constitutionally
> compel the target of an investigation to sign a consent form
> authorizing a foreign bank to disclose its records. The Court held
> that signing the consent form was not "testimonial", so the Fifth Amendment
> did not apply.
> In other words, the majority held that signing a consent form did
> *not* explicitly admit knowledge of the foreign accounts. It merely
> granted consent to the banks to reveal any accounts in his name if in
> fact they existed. For that reason signing the form was "non
> testimonial" and therefore not protected by the fifth amendment.
Interestingly enough, this decision was the result of much form juggling
by the Justice Department. Consider this passage from my "Practical
Problems" essay some time ago:
Lately, clever prosecutors and private litigants have evaded the
testimonial hitch entirely by phrasing their consent forms in the
hypothetical, and not naming specific account names or numbers. The
Supreme Court upheld the order of contempt for a defendant refusing to
sign such a document. See, Doe v. United States, 108 S. Ct. 2341
(1988). The Court noted that the form was carefully drafted not to
make reference to a specific account, but only to speak in the
hypothetical. Compare the unconstitutional language of the In Re
Grand Jury form:
"I [witness], consent to the production to the [District Court and
Grand Jury] of any and all records related to any accounts held by, or
banking transactions engaged in with, [bank X], which are in the name
of, or on behalf of: [witness], if any such records exist."
with the now constitutional:
I, [witness], of the State of New York in the United States of
America, do hereby authorize and direct any bank, trust company, or
other financial institution located outside of the territorial United
States at which I have or have had an account of any kind, or at which
any corporation has or has had an account of any kind upon which I am
or have been authorized to draw, to disclose all information and
deliver copies of all documents of every nature in the possession or
control of such bank, trust company, or other financial institution
which relate to any such accounts, together with a certificate
attesting to the authenticity of any and all such documents, to any
agent or employee of the United States Government who presents a copy
of this Consent Directive which has been certified by the Clerk of the
United States District Court for the Northern District of New York to
such bank, trust company, or other financial institution, and this
Consent Directive shall be irrevocable authority for doing so. United
States v. A Grand Jury Witness, 811 F.2d 114 (2d Cir. 1987).
For more examples, see also United States v. Davis, 767 F.2d at 1040
(holding any problem of testimonial self-incrimination is solved by
such an order precluding use of directive as admission); In re Grand
Jury Proceedings, 814 F.2d at 795 (expressly approving of reasoning in
Davis); United States v. A Grand Jury Witness, 811 F.2d 114, 117 (2d
Cir. 1987); United States v. Cid-Molina, 767 F.2d 1131, 1132 (5th Cir.
1985); United States v. Ghidoni, 732 F.2d 814, 818 (11th Cir.), cert.
denied, 469 U.S. 932 (1984); United States v. Browne, 624 F. Supp.
245, 248 (N.D.N.Y. 1985); United States v. Quigg, 48 A.F.T.R.2d 81-
5953, 5955 (D. Vt. 1981).
Even more importantly, the character of the "documents" themselves,
public or private, electronic or paper, would seem to be a factor
courts will refuse to consider. Fisher v. United States, 425 U.S.
391, 410-11 (1976) rejecting both an analysis based on the nature of
documents and privacy as the policy supporting the fifth amendment.
Some protection still exists. Many jurisdictions refuse to recognize
"consent" orders signed under judicial compulsion. See, In re ABC
Ltd., 1984 C.I.L.R. 130 (1984) (Grand Court of the Cayman
Islands)(Consent directives compelled under threat of contempt
sanctions do not constitute consent under Cayman Bank Secrecy Law); In
re Confidential Relationships (Preservation) Law, Law 16 of 1976,
Cause No. 269 of 1984 (Grand Ct. Cayman Islands July 24, 1984).
> While the language in Footnote 9 is encouraging, it seems to this
> legal layman that the issue of whether a court could compel the
> disclosure of a cryptographic key in a criminal investigation is still
> far from settled. I'm now beginning to understand Mike Godwin when he
> said that much may depend on whether the government already knows that
> you know the key, or whether you'd be implicitly admitting that you
> know it by divulging it.
And when one considers the obstruction or "willful spoliation of evidence"
angle of encrypting data which may reasonably become the subject of a
legal proceeding, things get even more complex. (Burying a gun you
suspect might someday become the subject of a, yet nonexistent,
investigation, is a felony).
> Consider a) the passphrase for a PGP key that has your name on it and
> b) the passphrase to a conventionally encrypted file. In the first
> case, the government could argue that because your name is on the
> public key used to encrypt some file, you must certainly know its
> passphrase. So revealing it would not be testimonial; it would be like
> giving up the key to a safe deposit box already known to be in your
> name. Of course, you could simply have forgotten your PGP passphrase,
> as seems to happen all too often, just as you could claim to have lost
> the safe deposit box key -- though safe deposit boxes are much more
> easily drilled open than strong ciphers.
Practically, you'll probably be held in contempt if you claim to have lost
your passphrase. I imagine you'll spend time in lockup until the judge
really believes you. (This may be a long time, depending on how good a
witness you are).
> The second case is more problematical for the government, though it
> might claim that you'd have no reason to waste disk space on an
> encrypted file for which you don't know the passphrase.
To which I would reply: "Well, I thought I might remember it again
> Two countermeasures seem appropriate: storing encrypted backups for
> others for which you don't have the key, and using conventional
> encryption, not public key encryption, for personal file storage.
Breaking the key up and giving half to a trustee in a jurisdiction with a
"blocking statute" which forbids fiduciaries to consider "consent
decrees." The Cayman Islands come to mind. This makes it "impossible"
for you to ever decrypt it without the trustee's involvement. It
(legally) makes it difficult to even jail you for contempt. (Using
jail as a contempt coercion to testify generally requires that some
reasonable likelihood of producing testimony exist. This method eliminates
--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland
Rebel Directive #7:Avoid soccer games when a government assault threatens.