Legal Debates on Decryption and "Contents of the Mind"

14/06/2016 11:44 | Updated 14 June 2016

On 25 February, Magistrate Alicia G Rosenburg signed the first ever seizure warrant for a fingerprint to unlock the iPhone of Paytsar Bkhchadzhyan in Los Angeles. This move came as a surprise to privacy and security advocates since FBI Director James Comey has been actively complaining about encryption over the past several months, admitting in April that the FBI paid approximately $1.3m for software to hack into the iPhone of Rizwan Farook.  Also in April there is the New York case of an individual who had given investigators the passcode to an iPhone linked to a local drug investigation, resulting in the Department of Justice informing a federal judge that it was dropping its case against Apple.  Clearly encryption has not been preventing law enforcement from accessing devices.

However there is still some legal pushback to government pressures on decryption such as the Philadelphia man suspected of possessing child pornography who has been jailed for seven months for refusing to divulge passwords for two hard drives. Similar to Bkhchadzhyan's case, campaigners and lawyers are making the case that  decrypting mobile devices and hard drives implicates them and forces them to testify against themselves, an act which contravenes the fifth amendment of the US Constitution.  The Electronic Frontier Foundation has submitted an amicus brief (a friend-of-the-court brief) regarding the suspect's legal position informing the circuit court that "compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them. The Fifth Amendment provides an absolute privilege against such self-incriminating compelled decryption."  In this way any information stored in the brain would be treated like a blood sample or fingerprints recovered from a crime scene even for which the decryption of the locked or unlocked mobile device would necessitate a warrant.

The issues of decryption are also central to software design such as Google's new chat app, Allo, which has been the recent focus of controversy since the engineer who co-leads Google's product security team, Thai Duong, is pushing for end-to-end encryption.  Soon after Duong published his statement on Google's conflicting security measures, Edward Snowdon weighed in on this matter and Duong retracted part of his statement.  Google responded to Duong's critique claiming that if encryption were permanently enabled on Allo, it would would hinder its eponymously-named Assistant, a software that combs through conversations acting as a chat bot.

Similarly, on this side of the Atlantic and of concern to security and privacy advocates in the UK is Theresa May's Snooper's Charter (formally known as the Draft Communications Data Bill) which is flying through Parliament.  Should this bill be realised into law, it would create a far reaching power to compel communications service providers to collect and retain additional information about their users extending beyond current data retention (ie. that ISPs retain data collected for business purposes for longer than normal). Under the proposed bill, any organisation that interacts with users and produces or transmits electronic communications would be obliged to collect and retain information about them, even entirely irrelevant to their business needs.  That said, just this past week Theresa May has offered several concessions over this bill in the areas of privacy, the protection of journalists and MPs, a Wilson doctrine whereby the prime minister must specifically approve law enforcement to hack into MPs phones and computers, and access to bulk personal datasets and medical records must pass the "exceptional and compelling" legal tests.  This bill is in the report stage in the House of Commons this week.  Most notably this bill "enshrines in law the bulk data collection and mass computer and phone-hacking operations carried out by GCHQ, which were revealed by the whistleblower Edward Snowden in 2013, but also extends the security services' powers to track everyone's web history by introducing internet connection records that can be stored for 12 months and that can be accessed by the police and security services."

The First Reading of the Draft Communications Data Bill took place last week and the Second Reading of the Bill is set for 27 June, 2016.