Forced Decrypt: US Indiana Supreme Court to Rule on Rubberhose Powers

grarpamp grarpamp at
Mon Feb 4 21:58:26 PST 2019  # Lol at NSA

Any Supreme Court Ruling is A Big Deal...
File your own Amicus Brief to the Court Now.

Highest Court in Indiana Set to Decide If You Can Be Forced to Unlock Your Phone
By Andrew Crocker
February 4, 2019

When EFF preaches about the benefits of using device encryption on
smartphones, one of the most frequent questions we get is whether the
police can force you to turn over your passcode or unlock the device.
The answer should be no. The Fifth Amendment states that no one can be
forced to be “a witness against himself,” and we argue that the
constitutional protection applies to forced decryption. Last week, we
filed a brief making that case to the Indiana Supreme Court.

The case began when Katelin Eunjoo Seo reported to law enforcement
outside of Indianapolis that she had been the victim of a rape and
allowed a detective to examine her iPhone for evidence. But the state
never filed charges against Seo’s alleged rapist, identified by the
court as “D.S.” (Courts often refer to minors using their initials.)
Instead, the detective suspected that Seo was harassing D.S. with
spoofed calls and texts, and she was ultimately arrested and charged
with felony stalking. The state not only sought a search warrant to go
through Seo's phone, but a court order to force her to unlock it. Seo
refused, invoking her Fifth Amendment rights. The trial court held her
in contempt, but an intermediate appeals court reversed.

When the Indiana Supreme Court agreed to get involved, it took the
somewhat rare step of inviting amicus briefs. EFF got involved
because, as we say in our brief filed along with the ACLU and the ACLU
of Indiana, the issue in Seo is “no technicality; it is a fundamental
protection of human dignity, agency, and integrity that the Framers
enshrined in the Fifth Amendment.”

In recent years, courts have struggled with how to apply the Fifth
Amendment’s privilege against self-incrimination to compelled
decryption of encrypted devices.  It’s well settled that the privilege
protects against “testimonial” communications, which a 1957 Supreme
Court case describes as those that require a person to disclose “the
contents of his own mind.” It’s also clear that nonverbal acts can be
testimonial, such as being forced to respond truthfully to police
questioning with a “nod or headshake,” or to produce a gun that police
believe was used in a crime. Even responding to a subpoena for
documents can be a testimonial “act of production” because it reveals
information about the existence and authenticity of the documents, and
the subject’s possession of them.

So what about being forced to tell police your password, or to unlock an iPhone?

Our argument to the Indiana Supreme Court is that compelling Seo to
enter her memorized passcode would be inherently testimonial because
it reveals the contents of her mind. Obviously, if she were forced to
verbally tell a prosecutor her password, it would be a testimonial

By extension, the act of forced unlocking is also testimonial. First,
it would require a modern form of written testimony, the entry of the
passcode itself. Second, it would rely on Seo’s mental knowledge of
the passcode and require her to implicitly acknowledge other
information such as the fact that it was under her possession and
control. The lower appellate court in Seo added an intriguing third

    In a very real sense, the files do not exist on the phone in any
meaningful way until the passcode is entered and the files sought are
decrypted. . . . Because compelling Seo to unlock her phone compels
her to literally recreate the information the State is seeking, we
consider this recreation of digital information to be more testimonial
in nature than the mere production of paper documents.

Because entering a passcode is testimonial, that should be the end of
it, and no one should be ordered to decrypt their device, at least
absent a grant of immunity that satisfies the Fifth Amendment.

But there is an additional wrinkle. In a case from 1976 called Fisher
v. United States, the Supreme Court recognized an exception to the
Fifth Amendment privilege for testimonial acts of production. The case
involved responding to a subpoena for tax documents, and the
government could show to a “foregone conclusion” that it already knew
all of the information it would otherwise learn from the
production—i.e. the existence, authenticity, and possession of the
responsive documents.

Although the Supreme Court has never again relied on this foregone
conclusion exception, the government has built it into a full-blown
“doctrine.” State and federal prosecutors have invoked it in nearly
every forced decryption case to date. In Seo, the State argued that
all that compelling the defendant to unlock her phone would reveal is
that she knows her own passcode, which would be a foregone conclusion
once it “has proven that the phone belongs to her.”

As we argue in our amicus brief, this would be a dangerous rule for
the Indiana Supreme Court to adopt. If all the government has to do to
get you to unlock your phone is to show you know the password, it
would have immense leverage to do so in any case where it encounters
encryption. The Fifth Amendment is intended to avoid putting people to
a “cruel trilemma”: self-incriminate, lie about knowing the password,
or risk being held in contempt for refusing to cooperate.

Thankfully that’s not the law. Instead, it’s clear from Fisher and
later Supreme Court cases that the foregone conclusion exception was
intended to be very narrow. It has only been applied in a case
involving business records, and only where the testimonial
communication at issue was the act of providing specified documents.
The Court has made clear there is no foregone conclusion exception
where a person is required to use the contents of their mind, even in
responding to a more open-ended document subpoena. So there should be
no exception to the Fifth Amendment when the government compels
disclosure or use of a passcode to unlock and decrypt a digital

The Indiana Supreme Court is set to hold argument in Seo on April 18.
We’ll be watching for its ruling.

A year ago I was a front desk agent in one of the famous five stars IHG hotels.

Basically, their Privacy policy entails that they have the right to
sell anything and everything about you to third parties with all
methods present or future ones.

Not only that, there's a special FBI website for hotels where we have
to enter all guests details, including but not limited to: Passport or
ID scan, which room they're staying in, how long, nationality, full
name, payment method, date of birth. If I fail to enter some guests?
Well hello FBI agent, I'm not kidding, we have weakly FBI visits where
they run some inquiries about some guests and check if we entered all
the data.

Moving to security, I cannot stress enough how crap the security
measures are, your important Passport or ID info? It's stored on
Microsoft Onedrive in an image format and synced on ALL the hotel's
40+ computers. Not only that, but every credit card scanned is stored
along with security code in a plain text file! I shit you not and this
is a five stars international hotel we're talking about here. If I was
a criminal I would have copied the entire thing and sold it on the
deep web or something, it's just crazy. I complained about that to IT
but they ignored me!

Also they keep any documents the guests ask us to print or scan,
again, all saved to Microsoft Onedrive and synced fully to all
computers, I once saw a paper of one of the guests with extremely
sensitive details, and the poor guy thought his scanned documents are
not stored on the hotel's Onedrive folder.

Basically if you must travel try to stay in small hostels where they
don't scan documents and accept payments in cash or try couchserfing.

More information about the cypherpunks mailing list