Court: The state can force you to decrypt encrypted computer files in some cases

The Supreme Judicial Court ruled today that, in certain circumstances, ordering a criminal defendant to decrypt password-protected computer files is not a violation of his rights under federal and state rights against self incrimination.

The ruling comes in the case of a Marblehead lawyer charged with a $1.3-million mortgage fraud scheme. Leon Gelfgatt is charged with setting up bogus mortgage companies and then sent fake documents to mortgage closing attorneys saying the companies had taken over the mortgages and needed the balances of the mortgages transferred to the fake companies' banks.

The scheme didn't work and Leon Gelfgatt was arrested. But when state troopers asked him to decrypt the files on several computers, he refused, citing the Fifth Amendment and, according to the ruling, telling the troopers "they essentially were asking for the defendant's help in putting him in jail."

But Gelfgatt may not have been as smart as he might have thought and was possibly too chatty for his own good, the state's highest court ruled today.

Both the Fifth Amendment and Article 12 of the Massachusetts constitution relate to "testimonial" evidence that could be used against him. But in his case, the state already has the evidence that the decryption key could provide, thanks to what Gelfgatt allegedly told a state trooper during the investigation: He told the trooper he was in business with a particular company that required encrypted files and that he encrypted those files.

So while a forensic investigation of the computer hard drives could produce additional evidence of the alleged fraud, the state doesn't need the key itself to prove that Gelfgatt encrypted the files, the court said.

When considering the entirety of the defendant's interview with Trooper Johnson, it is apparent that the defendant was engaged in real estate transactions involving Baylor Holdings, that he used his computers to allegedly communicate with its purported owners, that the information on all of his computers pertaining to these transactions was encrypted, and that he had the ability to decrypt the files and documents. The facts that would be conveyed by the defendant through his act of decryption--his ownership and control of the computers and their contents, knowledge of the fact of encryption, and knowledge of the encryption key--already are known to the government and, thus, are a "foregone conclusion." The Commonwealth's motion to compel decryption does not violate the defendant's rights under the Fifth Amendment because the defendant is only telling the government what it already knows.

Complete ruling, Commonwealth vs. Leon I. Gelfgatt



    Free tagging: 


    Interesting next step

    By on

    I wouldn't be surprised to see this one go to the Supreme Court, although I think they'll uphold the SJC on this one. Here's some background on the topic of decryption and the 5th.

    Makes me want to encrypt my computers with a system that has 2 passwords: one to unencrypt for use and one to trigger an erase sequence. "Sure, let me just type that in for you officers..."

    Then you'd get hit with

    Then you'd get hit with destruction of evidence.

    What's stopping someone from just saying they forgot the password? You can't exactly prove that

    Only if they can already compel me to give them the password

    By on

    If what is on there is a "foregone conclusion" (they know it by other means) then, yes, it would be an interesting obstruction/destruction of evidence case for them to try.

    However, if they are asking me to decrypt it hoping I don't apply the 5th Amendment, then I can use my erase password without worry since they have no way to know what, if anything, I destroyed. Otherwise, they would have compelled me instead of requested for me to make it available to them.

    Thanks for the info

    By on

    I hope you didn't infringe anyone's copyrights in sharing :-)

    Will go out on a limb and say no

    By on

    Because that case involved search warrants for data on a phone, and I think Massachusetts residents were already protected from warrantless phone-record searches under Article 12. Earlier this year, in fact, the SJC ruled police needed a warrant just to get phone-call location data.


    By on

    the state already has the evidence (emphasis added) that the decryption key could provide, thanks to what Gelfgatt allegedly told a state trooper during the investigation:

    So, explain again why they need the files to be decrypted in the first place?

    The whole choice of words

    By on

    The whole choice of words "forgone conclusion" & "does not violate the defendant's rights under the Fifth Amendment because the defendant is only telling the government what it already knows." is pretty chilling.

    So a defendant hasn't had a trial yet and the state has decided "forgone conclusion" that the defendant is guilty and not merely accused of being guilty? What ever happened to presumption of innocence?

    Like the case states

    By on

    He verbally told them "I do dealings with Company X. Company X requires that I encrypt their files on my machine. The files I keep in my dealings with Company X are on my machine encrypted with a password that I use to access them.".

    Maybe "already has the evidence" is poorly phrased. They have evidence that there's evidence there. They have to establish that they know more about the contents behind the encrypted wall than "maybe it's useful to us" in order to have a "foregone conclusion" that violates his right to not self-incriminate. He opened the door once he told them there are files there that they have determined will help convict him. They now need the decrypted version to provide it as evidence in court, since evidentiary rules require it to be decoded into plain English to be considered evidence.

    It is the same way that they can compel a bank to open your safe deposit box without needing you if they have been able to determine ("I keep the gun in a safe deposit box at the bank") that the evidence exists and they require access to it. What they can't do is go fishing in your safe deposit box ("I bet he keeps the gun at his safe deposit box in the bank"), just like they can't go fishing on your hard drive if it's encrypted.

    This is not an easy

    This is not an easy explanation but I'll try. In a nutshell, the 5th Amendment protects an individual from having to give self-incriminating evidence of a "testimonial" nature to the government. That usually means what it sounds like - an individual cannot be forced to speak or write something that hurts his case. But evidence like a blood sample, for example, is not considered testimonial so the government can compel a blood test in certain situations since your blood type is your blood type basically.

    Normally, decrypting this material would be considered a form of self-incriminating "testimony" and protected by the 5th Amendment, since by decrypting the guy is essentially admitting he possesses what is there and knows how to decrypt it. But there is also an exception where the evidence to be obtained is considered a "foregone conclusion" (a specific legal term) because the government has sufficiently shown already it knows what is there through other means. In this instance, the guy coughed up all the info already in a police interview so the "foregone conclusion" exception applied and he lost his 5th Amendment protection specific to this evidence.

    Shorter version: the guy already spilled the beans.

    What if there is additional

    By on

    What if there is additional evidence of unknown crimes uncovered by this? Isn't that then violating a person's 5th? How does the government know for sure that it "knows" what the evidence is until it has it in hand? This ruling seems like it is opening a door for fishing expeditions.

    There's precedent for this

    (I am not a lawyer and this is not legal advice....)

    This case would appear to be similar to In re Boucher. However, that case involved a search of a non-US citizen incident to a border crossing, where ICE has much broader latitude to search people than is given to police generally, and there's a diminished expectation of Constitutional protections. It was also the case that ICE had the evidence of the crime in their possession at one point: a laptop with an actual image on it, which they had an opportunity to observe. They weren't simply going off a person's statement that the laptop *might* contain evidence.

    The legal question is this: is your encryption passphrase a physical thing, like a lockbox key, or is it a construct of your mind, like a safe combination? Previous case law has held that you can be compelled to give up a physical thing, like a lockbox key, but not to reveal something that's a construct of your mind, like a safe combination.

    This decision is also contrary to U.S. v. Doe (2012), in which the the Eleventh Circuit held that decryption was a privileged, testimonial act which could not be compelled.

    Clouding the whole issue is the fact that the defendant's big mouth disclosed the fact that the incriminating documents existed. Yet another example of why you should never talk to the police.

    I expect SCOTUS to rule on this at some point in the near future. Probability of review is high when you have conflicting decisions from different U.S. Circuits.