United States v. Boucher (and encryption)

Well this is definitely a case to watch as it appears it will go all the way to the Supreme Court. Here is the quick scenario.

The case arose when Kevin Boucher, a Canadian citizen with legal residency in the US, was traveling from Canada back to Vermont on December 17, 2006. He and his father were stopped by customs agents while crossing the border. A subsequent search of the laptop by an agent revealed adult porn and animations of adult and child porn. The key here is that the agent was able to access the files without a password.

After obtaining a subpoena on December 19, a Vermont Department of Corrections officer attempted to access the drive only to find that it was encrypted with PGP (Pretty Good Privacy).

Secret Service Agent Matthew Fasvlo, who has experience and training in computer forensics, testified that it is nearly impossible to access these encrypted files without knowing the password. There are no “back doors” or secret entrances to access the files. The only way to get access without the password is to use an automated system which repeatedly guesses passwords. According to the government, the process to unlock drive Z could take years, based on efforts to unlock similarly encrypted files in another case. Despite its best efforts, to date the government has been unable to learn the password to access drive Z.

Now, whether or not the kid has child porn in the encrypted drive is not the main point. He admitted to having porn and possibly child porn in his temp files. He actually allowed agents to view files, which prompted the initial arrest. The point here is whether the government can compel you to reveal a password – something that is in your mind. This has far-reaching implications on your rights under the 5th Amendment.

I’d have to say kudos to the kid for encrypting his drive in the first place. I cannot stress enough the importance of encrypting your data. Not that you need to worry about government snooping, but you should certainly be worried about theft of data. It is a very serious potential problem and disaster.

If you want to learn more about encrypting your data, hard drives, or email, contact me. Also look for upcoming blogs and tutorials on the methods that I use, including total disk encryption using TrueCrypt and email encryption using Gmail, Thunderbird, and Enigmail.

References:

Judge: Man can’t be forced to divulge encryption passphrase
http://www.news.com/8301-13578_3-9834495-38.html

Feds appeal loss in PGP compelled-passphrase case
http://www.news.com/8301-13578_3-9854034-38.html

DOJ: No comment on forcing encryption passphrases
http://www.news.com/8301-13578_3-9835392-38.html

In Child Porn Case, a Digital Dilemma
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html