The Supreme Judicial Court ruled today that, in certain circumstances, ordering a criminal defendant to decrypt password-protected computer files is not a violation of his rights under federal and state rights against self incrimination.
The ruling comes in the case of a Marblehead lawyer charged with a $1.3-million mortgage fraud scheme. Leon Gelfgatt is charged with setting up bogus mortgage companies and then sent fake documents to mortgage closing attorneys saying the companies had taken over the mortgages and needed the balances of the mortgages transferred to the fake companies' banks.
The scheme didn't work and Leon Gelfgatt was arrested. But when state troopers asked him to decrypt the files on several computers, he refused, citing the Fifth Amendment and, according to the ruling, telling the troopers "they essentially were asking for the defendant's help in putting him in jail."
But Gelfgatt may not have been as smart as he might have thought and was possibly too chatty for his own good, the state's highest court ruled today.
Both the Fifth Amendment and Article 12 of the Massachusetts constitution relate to "testimonial" evidence that could be used against him. But in his case, the state already has the evidence that the decryption key could provide, thanks to what Gelfgatt allegedly told a state trooper during the investigation: He told the trooper he was in business with a particular company that required encrypted files and that he encrypted those files.
So while a forensic investigation of the computer hard drives could produce additional evidence of the alleged fraud, the state doesn't need the key itself to prove that Gelfgatt encrypted the files, the court said.
When considering the entirety of the defendant's interview with Trooper Johnson, it is apparent that the defendant was engaged in real estate transactions involving Baylor Holdings, that he used his computers to allegedly communicate with its purported owners, that the information on all of his computers pertaining to these transactions was encrypted, and that he had the ability to decrypt the files and documents. The facts that would be conveyed by the defendant through his act of decryption--his ownership and control of the computers and their contents, knowledge of the fact of encryption, and knowledge of the encryption key--already are known to the government and, thus, are a "foregone conclusion." The Commonwealth's motion to compel decryption does not violate the defendant's rights under the Fifth Amendment because the defendant is only telling the government what it already knows.