The Fifth Amendment limits on forced decryption and applying the ‘foregone conclusion’ doctrine
e U.S. Court of Appeals for the 3rd Circuit has a case pending on the Fifth Amendment limits of forcing a suspect to enter his password to decrypt a computer. The case provides an opportunity for the 3rd Circuit to correct an error in the 11th Circuit’s treatment of the same question, specifically on how to apply the “foregone conclusion” doctrine to an order requiring decryption of a storage device. Given the importance of the issue, I want to explain the issue, show where the 11th Circuit got it wrong, and explain what I think the right analysis should be. I. The Facts I’ll start with a short summary of the facts in the pending case as found in the government’s brief and the defense brief. The suspect, referred to in the briefs only as “John Doe,” is a Philadelphia police officer. (News reports have named him as Francis Rawls, but I’ll stick with “John Doe” to be consistent with the briefs.) Doe is believed to have used a peer-to-peer network to download a lot of child pornography from the Internet. Investigators were able to decrypt Doe’s Apple computer without Doe’s help pursuant to a search warrant. A search of the computer revealed evidence that Doe had accessed more than 20,000 files with child-porn-related file names and then stored the files on two external hard drives that were connected to Doe’s computer when the government seized them. This case is about the government’s access to the two external hard drives. The drives are encrypted, and investigators have been unable to decrypt them. The government obtained a search warrant to search the two hard drives as well as a supplemental order under the All Writs Act ordering Doe to decrypt them. Doe was then taken to a government computer lab where the drives were connected to a computer, and he was told to enter in the passwords to decrypt his hard drives. Doe claimed that he was unable to comply with the order because he did not remember the passwords. Prosecutors believed that Doe was lying, and they asked the district court to review Doe’s refusal to comply with the order. After a hearing into the facts, the details of which I will skip here, the district judge concluded that Doe was pretending not to know the passwords and that Doe did not have a valid Fifth Amendment privilege against complying with the All Writs Act order. The judge found Doe to be in civil contempt and ordered him taken into custody until he agrees to enter the passwords. Doe is now in custody while the case is on appeal to the 3rd Circuit. II. The Arguments on Appeal Doe has appealed the civil contempt order to the U.S. Court of Appeals for the 3rd Circuit and now makes two arguments against its legality. The first argument, which strikes me as very weak, is that the government should be required to use a grand jury subpoena instead of a search warrant and supplemental All Writs Act order to compel Doe to decrypt the computers. This argument makes little sense to me; the government’s brief does a pretty good job explaining its problems. This is a long post already, so I’ll skip the details. The second argument is more interesting and important. Doe argues that the Fifth Amendment gives him a privilege not to comply with the court’s order. Forcing him to enter his password and decrypt his computers is forcing him to testify against himself, he argues. Specifically, it is making him testify that he knows the password, which will help the government establish possession of the contents of the two hard drives. This is testimonial, Doe argues, because the passwords are the contents of his mind. And it is incriminating, Doe argues, because it will lead to the entire contents of his hard drives. So far, so good. Now we get to the tricky part. Doe next argues that the “foregone conclusion” doctrine cannot apply. The foregone conclusion doctrine teaches that if the government already knows the testimony implicit in an act, then the Fifth Amendment does not bar the act. Doe first argues that the foregone conclusion doctrine cannot apply to decryption generally because decrypting a computer by entering in a passcode is categorically not like handing over a paper document in response to a court order. Because the government wants access to the entire computer, not just one file, the doctrine should not apply. This argument doesn’t work because the Fifth Amendment issue is focused on the testimony implicit in the suspect’s act. Whether that act involves one file or billions, it’s the same act. So the real question is how the foregone conclusion doctrine should apply to decryption, not whether it should apply at all. That brings us to the heart of the issue: How does the foregone conclusion doctrine apply to an order to decrypt? Doe argues that the doctrine cannot apply because the government does not know with “reasonable particularity” what the specific files are on the hard drives that the government believes are evidence. As Doe sees it, ordering him to enter his password is like making him hand over all of his files in a massive fishing expedition. The government can’t do that, Doe contends, unless the government already knows which incriminating files are on the computers. And even if the government can show knowledge of one or more specific incriminating files on the hard drives, the government has no right to access any other incriminating files that are not already known to the government. III. The 11th Circuit’s Precedent Doe’s position relies in large part on an 2012 11th Circuit decision by Judge Tjoflat, In re Subpoena Duces Tecum, that applied the foregone conclusion doctrine in a somewhat similar way. In the 11th Circuit case, the court ruled that a suspect had a valid Fifth Amendment privilege against being forced to decrypt his computer when the government didn’t know what if anything was hidden in the suspect’s encrypted drives. Judge Tjoflat summarized the “foregone conclusion” doctrine as follows ” [U]nder the “foregone conclusion” doctrine, an act of production is not testimonial — even if the act conveys a fact regarding the existence or location, possession, or authenticity of the subpoenaed materials — if the Government can show with “reasonable particularity” that, at the time it sought to compel the act of production, it already knew of the materials, thereby making any testimonial aspect a “foregone conclusion.” Under that understanding of the foregone conclusion doctrine, it did not apply because the government did not know with “reasonable particularity” what materials would be found on the computer were the files decrypted ” [W]e simply do not know what, if anything, was hidden based on the facts before us. It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. In short, the Government physically possesses the media devices, but it does not know what, if anything, is held on the encrypted drives.” IV. The Right Way to Apply the Foregone Conclusion Doctrine Finally we get to the heart of the post: I think the 11th Circuit misunderstood how the foregone conclusion doctrine should apply. As I understand it, the foregone conclusion doctrine asks if the testimony inherent in the act was already known to the government. If all of the testimony inherent in an act of compliance is already known to the government, then that testimony is a foregone conclusion and the Fifth Amendment is no bar. The foregone conclusion doctrine thus limits the Fifth Amendment protection to cases in which the government is trying to use the target’s testimony to convict him. This means that applying the foregone conclusion doctrine requires focusing on what the suspect is being ordered to do and what testimony is implied in that particular act. Once you specify what testimony is implicit in an ordered act, you can then ask whether the factual statement in that testimony is a foregone conclusion. When a suspect is given a computer with a password prompt and is ordered to decrypt its contents by entering in the password, the testimony implicit in the act is pretty simple: “I know the password.” If you know the password, you can enter it. If you don’t know the password, you can’t. Importantly, knowing the password doesn’t mean that you know what files are stored on the computer. It’s not the equivalent of an act of identifying the computer’s contents. It only means that you know the password. For example, I know the passcode to my sister’s smart phone because I briefly needed it at a recent family event. I asked my sister for her passcode, and she told me. If a court issued an order requiring me to enter it in to her phone, I could comply, at least assuming the passcode hasn’t changed in the last month. But the only thing I know about my sister’s phone is its passcode. I have no idea what files are stored inside the phone. To know whether entering a password implies testimony that is a foregone conclusion, the relevant question should therefore be whether the government already knows that the suspect knows the password. For any particular computer, it’s common for only one or two people to know the password. If the government knows from other sources that the suspect is one of those people for a particular device, then the foregone conclusion should apply and the Fifth Amendment shouldn’t be a bar. You end up with a pretty simple Fifth Amendment rule. On one hand, the government can’t make you enter in the password if that is how they make the case that you know it. On the other hand, if the government already knows that you know the password, you can be required to enter it in without a Fifth Amendment bar. V. The 11th Circuit’s Error In my view, the 11th Circuit’s error was failing to see the big difference between two different kinds of cases. In prior cases like Fisher and Hubbell, the government had issued subpoenas describing documents that the suspect had to turn over. The testimony implicit in compliance with such subpoenas is very different from the testimony implied by entering in a password. Here’s a hypothetical to explain what I mean. Imagine a court order says you must “hand over records of your tax fraud crimes from 2013 to the present.” Assume that if you comply, you will go home and come back with a box of records. There is a lot of testimony implicit in that act. Your implicit testimony includes the following: 1) You believe that you committed tax fraud in that time window. 2) Each of the records in the box exist and were in your possession. 3) You believe that each of the records you are handing over show that you committed tax fraud in the relevant time window. Of these, the third is the most important. When the government issues an order requiring you to hand over a general category of records, you have to go back and decide which of your records fits within the general category and which does not. Handing over the records amounts to testimony that the records you are handing over are within that general class of records sought by the order. The 11th Circuit’s error was in applying language from cases compelling disclosure of broad classes of documents to the very different case of an order to enter a password to unlock a computer. The error is subtle but critical. It’s subtle because both cases involve steps that lead to the government accessing a lot of documents. If you look at the cases from 30,000 feet, they look kind of similar. But the error is critical because the testimonial aspects of production in the two cases are vastly different.
I haven’t read the briefs yet, but I was able to find one of them on PACER. I originally went looking because someone on Twitter linked to one of them, but not the other, so I was missing one. Apparently I didn’t need to do that, they were right here.