I’ve always felt that being forced by a court to unlock a safe or decrypt a computer drive was a violation of the 5th Amendment’s protection against self-incrimination. Whether you produce a physical key/combination or a password is irrelevant in my mind. It seems that the EFF feels the same way. The case of Francis Rawls brings this issue to the forefront and also highlights an interesting peer-to-peer network called Freenet. Mr. Rawls is being held indefinitely on contempt of court charges for refusing to decrypt his two external hard drives.
Since I’m not a lawyer I won’t try to hash out complex legal issues. The legal issues are laid out here and you can read them for yourself. The EFF filed a friend-of-the court brief in this case that states their position on the issue. Read it if you so choose. My take-a-ways are these:
1. The courts and the law need to recognize that technology has changed how we humans interact with one another, with how we order our lives, and how we store our private and personal papers, thoughts, and inner most secrets. We have moved into a digital world while the law is still stuck in the old world of physical keys, hard copy papers, and physical vaults. In the case of forced decryption you must use the contents of your mind to render intelligible what is currently unintelligible (encrypted data). I view this as a 5th Amendment violation. In my opinion the law needs to catch up to the way we currently use encryption to protect the important contents of our lives which are now kept on computers and smartphones. It needs to bring 18th, 19th, and 20th century civil rights protections into the 21st century.
2. What if you really do forget your password? Can you really rot in jail in the USA for years on end without a trial? What if someone plants an encrypted device on your person or property and tips off the police that you’re hiding illegal content? That could get very ugly very fast. Even if you are eventually cleared you may still loose your job and reputation.
3. In my opinion peer-to-peer networks like Freenet can give a false sense of security to people and lead to disastrous consequences. If you are conducting sensitive activities and aren’t using the anonymity of the Tor network then you are making a mistake. The case of Mr. Rawls begs the question - if Freenet is so secure and anonymous how did Mr. Rawls get caught? To quote from the site itself:
Communications by Freenet nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the information and what its content is.
Users contribute to the network by giving bandwidth and a portion of their hard drive (called the “data store”) for storing files. Files are automatically kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files are encrypted, so generally the user cannot easily discover what is in his datastore, and hopefully can’t be held accountable for it. Chat forums, websites, and search functionality, are all built on top of this distributed data store.
Note the sentence - “Files are encrypted, so generally the user cannot easily discover what is in his datastore, and hopefully can’t be held accountable for it.” Hopefully???? Really??? ‘Hopefully’ you won’t be held accountable for someone else’s illegal content?????? ‘Hopefully’ you won’t go to prison for decades because of someone else’s stuff?? WTF?? Based on that sentence alone I would never install such software on my computer. Folks, I can’t tell you what to do but please use some common sense when engaging in sensitive, anonymous activity, whether you’re a dissident, journalist, student, or member of a vulnerable group. Anonymity is hard and if you let others put something on your computer you may be called to account for it. Knowing what’s on your computer and keeping it safe can be the difference between life in the real world and life in prison.